1 – Introduction
1.1 We are committed to safeguarding the privacy of Beat the Banks website visitors and service users.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of Beat the Banks website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
1.4 In this policy, “we”, “us” and “our” refer to Beat The Banks.
2- Personal data we collect and its source
2.1 In this Section 2 we have set out the general categories of personal data that we may process and the source of that data;
2.2 We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system.
2.3 We may process your account data (“account data”). The account data may include your name and email address. The source of the account data is you.
2.4 We may process your information included in your personal profile on our website (“profile data”). The profile data may include your name, address, telephone number, email address, profile pictures.
2.5 We may process your personal data that are provided in the course of the use of our services (“service data”). The source of the service data is you.
2.6 We may process information that you post for publication on our website or through our services (“publication data”).
2.7 We may process information contained in any enquiry you submit to us regarding our services (“enquiry data”).
2.8 We may process information relating to transactions, including purchases of services, that you enter into with us and/or through our website (“transaction data”). The transaction data may include your contact details, your card details and the transaction details.
2.9 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data”).
2.10 We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.
2.11 We may process information relating to your finances including previous lenders/financial providers (including individuals or organisations that have provided financial advice or products) used by you and the financial products/services taken which may be provided by you or your lenders/providers (“financial data”).
2.12 We may process information relating to your marketing and communications preferences (“marketing data”). This includes preferences for receiving marketing from us and our third party partners and your communication preferences.
2.13 We may process information relating to your health (“special category data”). This will only be processed where you have provided this to us for the purpose of your claim and we have your explicit consent to do so.
3 – The legal basis on which we process your information
3.1 The legal basis for processing your personal information depends upon the nature of our relationship with you and the context of processing and are as follows:
- Processing is necessary for the performance of a contract with you, or to take steps prior to entering into a contract with you.
- Processing is necessary for the purposes of your legitimate interests or our legitimate interests, where your fundamental rights and interests do not override those interests. In order to determine this, we shall undertake a Legitimate Interests Assessment.
- Processing is necessary for compliance with mandatory legal and/or regulatory obligations to which we are subject.
- Processing is undertaken after you have given us your express consent.
3.2 What we use your personal information for
|We collect/store or use your information to…||Legal basis|
|provide the service you have requested||Contract|
|send to our partner claims management companies, solicitors or estate agents||Consent|
|send to our service provider/contractor partners||Contract and/or Legitimate Interests|
|to enforce or apply our terms and conditions and/or other agreements||Legitimate Interests|
|send you information or marketing about our products and services||Legitimate Interests and/or Consent|
|provide annual statistics to our regulator||Legal obligation|
|resolve complaints against us or the establishment, exercise or defence of legal claims||Legitimate Interests and/or Legal Obligation|
|gather feedback to enable us to improve our website, products and services||Legitimate Interests|
|verify your identity where we receive requests to access or change the information we hold about you||Legal obligation|
|maintain our accounts and records||Legal obligation|
|comply with legal and regulatory obligations||Legal Obligation|
|research and analyse trends to better understand how users are using our website and services in order to improve them||Legitimate Interests|
|inform you about changes in our services and important service related notices, such as security and fraud issues||Legal obligation|
|maintaining insurance coverage, managing risks, or obtaining professional advice||Legitimate interests and/or Legal Obligation|
4.1 Providing your personal data to others
4.1 We may disclose your personal data to our insurers and/or professional advisers in so far as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.2 We may disclose personal data to our suppliers or subcontractors, such as compliance consultants and legal advisers, in so far as is reasonably necessary for the performance of our contract with you.
4.3 Financial transactions relating to our website and services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies here http://www.axcessps.com/privacy.html
4.5 In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
4.6 We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.7 We may disclose your personal data to debt collection firms to enforce or apply our terms and conditions and/or other agreements.
4.8 Any external processors, who process your data on our behalf, are subject to a data processing agreement to ensure the safety and protection of your data. None of our processors are allowed to use your data for any other purposes than instructed by us.
5 – International transfers of your personal data
5.1 In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
5.2 We do not have offices and facilities in any country other than the UK and the hosting facilities for our website are situated in the UK.
5.3 We use an email provider who’s database resides in the USA. On initial sign up, your email address will be held securely in the USA. Transfers will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
5.4 We may transfer your data to our partner estate agent firms in Spain, upon your consent to do so. Spain is covered by UK “adequacy regulations”, which set out in law that that the legal framework in that country has been assessed as providing ‘adequate’ protection for individuals’ rights and freedoms for their personal data.
5.5 You acknowledge that personal data that you submit for publication through our website may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
6 – Marketing
6.1 You are provided with choices regarding marketing and we record your preferences in relation to this and how we communicate with you.
6.2 We may rely on consent when we use your personal information for direct marketing. This will be where you have specifically consented to us, or a third party, that you are happy to receive marketing contact from us.
6.3 We may also rely on legitimate interests for our direct marketing. Our Legitimate Interests are to inform individuals about products or services which may be of interest to them and our commercial interests in operating our business, which includes acquiring new customers, providing additional services to existing or previous customers that are similar or aligned with previous products or services and, expanding our operations.
6.4 You may also receive marketing communications from us if you have previously purchased similar products or services from us and, in each case, you have not opted-out of receiving that marketing. This is known as a ‘soft opt-in’.
6.5 Such marketing communications may be in relation to claims management, financial advice/services or estate agency services, which could be done by telephone, email, SMS or in writing.
6.7 If you require any further information about the lawful basis we have relied on to send direct marketing to you, please do not hesitate to contact us.
7- Retaining and deleting personal data
7.1 This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
7.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
7.3 We also have legal and regulatory obligations to hold certain pieces of information for specific timeframes for example, we are required to keep a copy of telephone call recordings for a period of 12 months after our last contact with you.
7.4 Where we have provided a service to you, we will hold all information relevant to this for 6 years to enable us to address any claims/complaints made about our service.
7.5 Information relating to any complaints will be held for a further 3 years.
7.6 We also need to keep some of your information for our accounting and reporting requirements.
7.7 Your contact details will be held for the purposes of direct marketing for 3 years from our last contact with you, this is to enable us to let you know about new products or services that may be of interest to you as detailed above in Section 6.
8 – Amendments
8.1 We may update this policy from time to time by publishing a new version on our website.
8.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
8.3 We may notify you of changes to this policy by email, post, SMS, letter or our safe and secure private messaging service.
9 – Your rights
9.1 You have the following rights in accordance with the GDPR and DPA:
- To know that your data is being processed
- To access your personal data free of charge
- To have your information corrected if inaccurate (Including ensuring any third party puts right any inaccuracy)
- To request that your data be erased
- To restrict processing
- To request transfer of your data
- To object to processing; and
- To rights relating to automated decision making
9.2 You may request that we to provide you with any personal information we hold about you. Provision of such information may be subject to the supply of appropriate evidence of your identity for this purpose, we will usually accept a photocopy of your passport/driving license plus a copy of a utility bill showing your current address. In some circumstances we may require these documents to be certified by an approved person.
9.3 We may withhold personal information that you request to the extent permitted by law.
9.4 You may instruct us at any time not to process your personal information for marketing purposes.
9.5 If at any point you wish to raise a complaint regarding our data handling then you have the right to complain to the Information Commissioner’s Office (ICO) the supervisory authority for data protection issues in the UK. However, we would appreciate to opportunity to deal with any concerns directly with you in the first instance.
10- About cookies
10.1 A cookie is a file containing an identifier a string of letters and numbers that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
10.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
10.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
11 – Cookies that we use
12 – Cookies used by our service providers
13 – Managing cookies
13.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can, however, obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
13.2 Blocking all cookies will have a negative impact upon the usability of many websites.
13.3 If you block cookies, you will not be able to use all the features on our website.
14 – Our details
14.1 This website is owned and operated by Beat the Banks, a trading name of PPI Reclaims (Scotland) Ltd.
14.2 We are registered in Scotland with our registered company number SC413541 and our registered office is at Beat the Banks, 87 Commercial Street, Dundee, DD1 2AB.
14.3 We a registered with the Information Commissioners Office, the regulator for data protection, with reference number Z3053051.
14.3 Our principal place of business is at Beat the Banks, 87 Commercial Street, Dundee, DD1 2AB.
14.4 You can contact us:
(a) by post, to the postal address given above;
(b) using our website contact form;
(c) by telephone, 08001931234
(d) by email, firstname.lastname@example.org
(e) in person by visiting our office