What is this Privacy Policy for?

This privacy policy is for this website hadriancapitalfinance.co.uk and served by Hadrian Business Solutions Ltd and governs the privacy of its users who choose to use it.

The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.

The Website

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.

Use of Cookies

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device.

Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information [ http://www.google.com/privacy.html ].

Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

Contact & Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.

This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.

Email Newsletter

This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 1998. No personal details are passed on to third parties nor shared with companies / people outside of the company that operates this website. Under the Data Protection Act 1998 you may request a copy of personal information held about you by this website’s email newsletter program. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.

Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list].
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will by detailed instead.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website.

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Adverts and Sponsored Links

This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.

Clicking on any such adverts will send you to the advertisers website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may in turn be saved on your computers hard drive. Users should therefore note they click on sponsored external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

 

[Hadrian Capital Finance]

Data Protection Policy

 

CONTENTS

 

 

Section Title
 

1

 

Introduction

2 Why this Policy Exists
3 Data Protection Law
4 Responsibilities
5 Data Protection Impact Assessments (DPIA)
6 Individuals’ Rights
7 Subject Access Request (SAR)
8 Complaints
9 Data Use
10 Data Security and Storage
  1. Introduction

[Hadrian Capital Finance] needs to gather and use certain information about individuals.

This can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.

This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.

  1. Why this policy exists

This data protection policy ensures [Hadrian Capital Finance];

  • complies with data protection law and follows good practice
  • protects the rights of all individuals’ data
  • is open about how it stores and processes individuals’ data in line with individuals’ rights
  • protects itself from the risks of a data breach
  1. Data protection law

The General Data Protection Regulations describe how organisations — including [Hadrian Capital Finance]— must collect, handle and store personal information.  These rules apply regardless of whether data is stored electronically or otherwise.

To comply with the law, personal information must be;

 

  • processed lawfully, fairly and in a transparent manner in relation to individuals;
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

 

 

 

 

 

Record Keeping:

 

A range of information must be detailed in our internal records of processing activities. Such areas include;

 

  • name and details of the organisation
  • include, if appropriate, details of other data controllers, the organisation’s representative and data protection officer
  • purposes of processing the data
  • description of the categories of individuals and the categories of personal data
  • categories of the recipients of personal data
  • details of transfers of data to third parties or abroad, including details of safety mechanisms
  • retention schedules
  • technical and organisational security measures

 

[Hadrian Capital Finance] ensures that records of these activities are kept and are updated accordingly. Individuals’ data is kept on file for 6 years in line with the Financial Conduct Authorities record keeping rules. After which point, personal data is retracted to the point it is unidentifiable and used for statistical purposes only.

 

  1. Lawful Basis for Processing Data

 

Under GDPR, it is a requirement that [Hadrian Capital Finance] has a valid lawful basis to process personal data, this should be documented. Most lawful bases require that processing is ‘necessary’.

 

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever [Hadrian Capital Finance] process personal data:

 

Processing is lawful under GDPR as:

 

(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

 

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

 

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

 

(d) Vital interests: the processing is necessary to protect someone’s life.

 

(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

 

(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

 

[Hadrian Capital Finance] has chosen this basis for processing data as it is requested from the individuals that we capture data before entering into a contract (e.g. provide a quote for finance).

 

  1. Responsibilities

 

[Hadrian Capital Finance] acts as a data Controller and data Processor. All staff are responsible for ensuring that the highest data standards and best practices are met on a continual basis.

 

Although a Data Protection Officer (DPO) has not been appointed as [Hadrian Capital Finance] does not fall within the scope, the Directors and Owners of the Business are accountable and responsible for compliance with GDPR and will take on the tasks appointed to them as if they were a DPO.

 

  1. Data Protection Impact Assessments (DPIA)

 

[Hadrian Capital Finance] has a general obligation to implement technical and organisational measures to demonstrate that data protection is integrated into our processing activities. A Data Protection Impact Assessment is conducted each time [Hadrian Capital Finance] consider implementing using new technologies

 

The DPIA will pertain at least;

  • a description of the processing operations and the purposes, including, where applicable, the legitimate interests pursued by the controller;
  • an assessment of the necessity and proportionality of the processing in relation to the purpose;
  • an assessment of the risks to individuals;
  • the measures in place to address risk, including security and to demonstrate that you comply.

 

  1. Individuals Rights

 

Individuals now have more rights under GDPR, [Hadrian Capital Finance], these are;

 

  • the Right to be Informed
  • the Right of Access
  • the Right to Rectification
  • the Right to Erasure
  • the Right to Restrict Processing
  • the Right to Data Portability
  • the Right to Object
  • rights in relation to automated decision making and profiling.

 

[Hadrian Capital Finance] provide every customer with a Privacy Notice at the point data is captured.

 

The information supplied in this notice demonstrates how [Hadrian Capital Finance] is transparent over our data processing. The notice is;

 

  • concise, transparent, intelligible and easily accessible;
  • written in clear and plain language, particularly if addressed to a child; and free of charge.

 

We include details of (but not limited to);

 

the Data Controller, the lawful reason for processing data, if any third parties have legitimate interests, categories of personal data, categories of recipients such as banks and credit unions, the data retention periods,

 

the individuals’ rights; including the right to withdraw, where the individual can complain about how the data is processed with a supervisory authority, source of data when it comes from a third party and where personal data is part of a contractual requirement or obligation.

 

Rectification

 

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If [Hadrian Capital Finance] has disclosed the personal data in question to third parties, then we will inform them of the rectification where possible.

 

[Hadrian Capital Finance] will respond to this request within one month or extended by two months where the request for rectification is complex.

 

 

Erasure

 

Individuals have a right to have personal data erased and to prevent processing in specific circumstances;

 

  • where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
  • when the individual withdraws consent.
  • when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
  • the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
  • the personal data must be erased to comply with a legal obligation.
  • the personal data is processed in relation to the offer of information society services to a child.
  • under the GDPR, this right is not limited to processing that causes unwarranted and substantial damage or distress. However, if the processing does cause damage or distress, this is likely to make the case for erasure stronger.

 

[Hadrian Capital Finance] may refuse to comply with a request for erasure where the personal data is processed for the following reasons;

 

  • to exercise the right of freedom of expression and information;
  • to comply with a legal obligation for the performance of a public interest task or exercise of official authority.
  • for public health purposes in the public interest;
  • archiving purposes in the public interest, scientific research historical research or statistical purposes; or
  • the exercise or defence of legal claims.

 

If [Hadrian Capital Finance] has disclosed the personal data in question to third parties, a notification will be sent, informing them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so.

 

Restrict processing

 

[Hadrian Capital Finance] will restrict the processing of personal data in the following circumstances;

 

  • where an individual contest the accuracy of the personal data, you should restrict the processing until you have verified the accuracy of the personal data.
  • where an individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and you are considering whether your organisation’s legitimate grounds override those of the individual.
  • when processing is unlawful, and the individual opposes erasure and requests restriction instead.
  • if you no longer need the personal data but the individual requires the data to establish, exercise or defend a legal claim.

 

if any data has been disclosed to third parties, [Hadrian Capital Finance] will notify them about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so.

 

Portability

 

For personal data an individual has provided to a controller; where the processing is based on the individual’s consent or for the performance of a contract; and when processing is carried out by automated means, [Hadrian Capital Finance] must provide the personal data in a structured, commonly used and machine-readable form. Open formats include CSV files. Machine readable means that the information is structured so that software can extract specific elements of the data. This enables other organisations to use the data.

 

[Hadrian Capital Finance] must provide this service free of charge.

 

If the individual requests it, we may be required to transmit the data directly to another organisation if this is technically feasible. [Hadrian Capital Finance] will respond without undue delay, and within one month or extended by two months where the request is complex or receive many requests.

 

Objecting

 

If an individual has objected to processing data or direct marketing, [Hadrian Capital Finance] will cease to process the data.

 

Individuals must have an objection on “grounds relating to his or her particular situation”.

 

[Hadrian Capital Finance] will stop processing the personal data unless;

 

  • compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
  • the processing is for the establishment, exercise or defence of legal claims.

 

This is brought to the attention of the data subject at the first point of communication and in our privacy notice. This is separated out from any other information.

 

Direct marketing purposes

 

As soon as an objection is received, [Hadrian Capital Finance] will stop processing personal data for direct marketing purposes.  This will be actioned at any stage and is free of charge.

 

Automated decision making including profiling

 

[Hadrian Capital Finance] understand that any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse, or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behaviour falls under this right. Where this is conducted, the rules and guidance of the ICO will be adhered to and followed. To date, [Hadrian Capital Finance] does not conduct automated decision making including profiling.

 

  1. Subject Access Requests (SAR)

Individuals who are the subject of personal data held by [Hadrian Capital Finance] are entitled to;

 

  • confirmation that their data is being processed;
  • access to their personal data; and
  • other supplementary information – this largely corresponds to the information that should be provided in a privacy notice

 

Individuals contacting the company requesting this information, this is called a Subject Access Request.

 

[Hadrian Capital Finance] will provide a copy of the information free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive.

 

A reasonable fee may also be charged to comply with requests for further copies of the same information. The fee is based on the administrative cost of providing the information only.

 

Once the identity of the person making the request has been verified, the information will be provided within 1 month, this will be extended to 2 months if the request is complex. Notification will be made to the individual if this is the case.

 

  1. Complaints

 

It is made clear that data subjects who wish to complain about how their personal data has been processed can raise this with [Hadrian Capital Finance] complaints procedure. If the data subject is still not happy, then the complaint can be referred to the Information Commissioners Office.

 

  1. Data Security and Storage

When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see or have access to it. These guidelines also apply to data that is usually stored electronically but has been printed out for some reason;

  • when not required, the paper or files should be kept in a locked drawer or filing cabinet.
  • employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer;
  • data printouts should be shredded and disposed of securely when no longer required.

 

When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts;

  • data should be protected by strong passwords or encryption products;
  • if data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used;
  • data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computingservices;
  • servers containing personal data should be sited in a secure location, away from general office space;
  • data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures;
  • data should never be saved directly to laptops or other mobile devices like tablets or smart phones;
  • all servers and computers containing data should be protected by approved security software and a firewall.

 

The point that personal data is accessed is when it can be at greatest risk of loss, corruption, theft, unlawful access, [Hadrian Capital Finance] will;

  • when working with personal data, employees should ensure the screens of their computers are always locked when left unattended;
  • personal data should not be shared informally. It should never be sent by email, as this form of communication is not secure.
  • data must be encrypted before being transferred electronically.
  • personal data should never be transferred outside of the European Economic Area unless contractual arrangements are in place highlighting adequate safeguards and protection to the rights of individuals.
  • employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.

(Hadrian Capital Finance )   Privacy Notice

 

Who we are

 

Hadrian Capital Finance are a trading style of Hadrian Business Solutions Ltd which are Commercial Finance Brokers based in 7 Meadow Vale, Northumberland Park, Shiremoor, NE27 0BD. We act as a Broker and Commercial Finance Advisor for our customers. Hadrian Capital Finance are Authorised and Regulated by the Financial Conduct Authority. FRN:779661

 

 

How we will use the information about you

 

Here at Hadrian Capital Finance we take your privacy seriously and will use your personal information in several ways which will help us;

 

  1. Identify the most appropriate lender, broker or packager for your borrowing requirements
  2. Prevent Fraud
  3. Ensure Full Compliance with FCA Audit Requirements
  4. To help with statistical analysis,
  5. To provide information for Credit Reference Checks

 

We may share your information with, and obtain information about you from, credit reference agencies or fraud prevention agencies, If you apply to us for insurance we will pass your details to the insurer.

 

Information you provided may be put onto a register of claims and shared with other insurers to prevent fraudulent claims.

 

We will not disclose your information to any company outside of the Banks, Lenders, Brokers and Packagers we have identified to support you except to help prevent fraud or if required by law to do so.

 

For further information on how your information is used, how we maintain the security of your information and your rights to access/alter and change information we hold on you, please contact enquiries@hadriancapitalfinance.co.uk .

 

Additional Marketing

 

From time to time we would like to contact you with detail of other services we provide, details of special offers and general market / lender news and updates. If you consent to us contacting you for this purpose please tick to say how you would like us to contact you.

 

☐Post

☐Email

☐Phone

☐Text

☐Automated Call

 

 

Your Personal Data:

 

What we need

 

Hadrian Capital Finance will be what is known as the Data Controller and Processor of the personal data you provide to us. We collect personal data about you which may also include any special types of information or location-based information.

 

 

We also gather

 

Your name, address, email, telephone number, details of dependents ,employment details, personal asset and liability statement, credit history and general financial status.

 

Why we need it

 

We need to know your basic personal data to provide you with an accurate recommendation for your personal circumstances. We will not collect any personal data from you we do not need to provide and oversee this service to you.

 

For processing of data to be lawful under GDPR Hadrian Capital Finance use the data under the following;

 

(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

 

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

 

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

 

(d) Vital interests: the processing is necessary to protect someone’s life.

 

(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

 

(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

 

 

What we do with it

 

Automated Decision Making:

 

Hadrian Capital Finance will pass your data captured to Banks, Lenders, Brokers and Packagers who may use automated decision-making in respect of your application for finance. We will only collect the minimum amount of data needed and have a clear retention policy for the profiles we create.

 

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or any significant affects. You can request human intervention and challenge a decision made this way by contacting enquiries@hadriancapitalfinance.co.uk

 

All the personal data we use is controlled by Hadrian Capital Finance in the UK, however, for the purposes of IT hosting and maintenance, this information is located on servers within the European Union. No 3rd parties have access to your personal data unless the law allows them to do so.  We have a Data Protection regime in place to oversee the effective and secure processing of your personal data. More information on this framework can be found on our website.

 

We may pass your data to Banks, Lenders, Brokers and Packagers to provide you with offers of products suitable to meet your customer requirements.

 

Your data provided to us is stored securely on our encrypted Computer server which is located in the UK

 

How long we keep it

 

We are required under current regulations to keep your basic personal data provided to us including name, address, telephone and email contact information for a minimum of 6 years, after which time it will be destroyed. The information used for marketing will be kept with us until you notify us that you no longer wish to receive this information.

 

What are your rights?

 

If at any point you believe retained information is incorrect you can request to see this information and even have it corrected and possibly deleted. Providing you with this information is free of charge, but charges may apply for excessive requests.

 

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

 

Where relevant, you have the right to withdraw consent and object at any time and this means that we cannot process your data provided without your consent.

 

More information about your rights can be found on the Information Commissioners website. https://ico.org.uk/

 

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).

 

Our Data Protection Officer is Mark Dowell and you can contact them at enquiries@hadriancapitalfinance.co.uk .

 

 

We will share your details with the Banks, Lenders , Brokers and Packagers whom we believe can best serve your requirements so that they process your information, allowing Insert Hadrian Capital Finance to offer suitable and sustainable products that they provide. If you consent to us passing your details for the purposes within the notice, please sign to confirm.

 

Signed…………………………………………….                Print Name………………………………………                Dated…………………….