Welcome to FS Capital’s Privacy Notice.
FS Capital respects your privacy and is committed to protecting your personal data. This Privacy Notice informs you about how we use and look after your personal data, including any data which may be provided to us in connection with loan agreements with which you are associated, or when you otherwise communicate with us and when information and personal data is provided to us relating to our business. This Notice also informs you about your privacy rights and how the law protects you.
This Notice applies to any individual whose personal information we hold or use, whether you are a lender, borrower, supplier or anyone else.
Our services are not aimed at children and we do not knowingly collect data relating to children.
Who we are
FS Capital Limited is the controller and responsible for your personal data (referred to as “FS Capital”, “we”, “us” or “our” in this Privacy Notice).
Simon Emblin is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights (including any opt-out mentioned in this Privacy Notice), please contact the Simon Emblin using the details set out below.
Contact details
Our full details are:
- Name of legal entity: FS Capital Limited (No. 12000758) registered in England and Wales
- Email address of Simon Emblin is emblin@fscapitallimited.co.uk
- Postal address of FS Capital Limited and Simon Emblin is 1 St Pauls Square, Birmingham, B3 1QU.
- Telephone number: 0330 124 2629
If you have a complaint relating to your personal data, please contact the Simon Emblin by email, telephone or post at the above address. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, prefer to deal with your concerns before you approach the ICO so please contact us in the first instance.
In this Privacy Notice, the terms “personal data”, “processing”, “data controller” and “data processor” shall have the meaning ascribed to them in the General Data Protection Regulation ((EU) 2016/679).
Contents:
- Personal data we collect
- How we use your personal data, and the legal basis for doing so
- Disclosure of personal data
- Sharing information to prevent crime or harm
- Credit reference agencies
- Where we store personal data
- Changes of Business Ownership and Control
- Security and data retention
- Your rights
- Changes to this Notice
————————————————————————-
1. Personal data we collect
We may obtain information from you directly. For example, you may give us information by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you communicate with us regarding the sums you owe to us. The information collected will include the following:
- personal details (e.g. name, date of birth, passport information or other identification information);
- contact details (e.g. phone number, email address, postal address or mobile number);
- transactional details (e.g. payments you make and receive);
- financial information (e.g. bank account number, credit or debit card numbers, financial history);
If you do not provide personal data that we request, it may mean that we are unable to provide you with the services and/or perform all of our obligations under our agreement with you.
We will also hold information we collect about you from other sources. This could include:
- the original lender to you and previous holders of your indebtedness;
- information from credit reference, fraud prevention agencies and tracing agencies;
- publicly available information about you which is available online or otherwise;
- organisations that provide their own data, or data from other third parties, to enable us to enhance the personal data we hold, and then provide other relevant and interesting products and services to you.
- criminal record checks, registers of court judgements, bankruptcies.
- postcode lookup databases, telephone number verification databases.
- people appointed to act on your behalf such as accountants.
We also collect personal data automatically when you use the website and when you navigate through the website. Data collected automatically may include:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number, usage details, geo-location data, IP addresses and other data collected through cookies and other tracking technologies.
For more information on our use of these technologies, see our Cookie Notice.
We may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, to help improve our quality of service and to help detect or prevent fraud or other crimes. Conversations may also be monitored for staff training purposes.
If you give us personal data about other people, then you confirm that they are aware of the information in this Notice about how we will use their personal data.
2. How we use your personal data, and the legal basis for doing so
This section includes details of the purposes for which we use personal information and also the different legal grounds upon which we process that personal information. We use personal information to provide and improve services and for other purposes that are in our legitimate interests, as well as for compliance purposes. Further information is set out below.
We can only process your personal data on a basis permitted by law. The legal basis will usually be one of the following:
- to allow us to take actions that are necessary in order to perform our contract with you; for example, to provide you with our services;
- necessary to allow us to comply with our legal obligations; for example, to respond to a court order or regulatory requirement;
- necessary for our or your legitimate interests; for example, to help us manage, administer, sell and/or collect the sums that you owe to us (see below for more information about this);
- where we have your consent to do so. We only ask for your consent in relation to specific uses of personal information where we need to and, if we need it, we will collect it separately and make it clear that we are asking for consent; or
- in the case of special categories of personal data, that it is in the substantial public interest.
Note that we may process your personal data on more than one lawful basis depending on the specific purpose for which we are using your data. You are welcome to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.
Legitimate interests for use
We use personal information for a number of legitimate interests, including to manage, administer, sell and/or collect the sums that you owe to us, keep our records updated, protect our business interests, run our business efficiently, recover money owed, for marketing and in order to exercise our rights and responsibilities. More detailed information about these legitimate interests is set out below.
- to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account and service information (such as changes to our terms or Privacy Notice)
- to administer our relationship with you, our business and our third-party providers (e.g., to send invoices and reminders, carry out identity checks, rectify problems and resolve queries)
- to meet our internal and external audit requirements, including our information security obligations
- to enforce our terms and conditions.
- to protect our rights, privacy, safety, networks, systems and property, or those of other persons
- for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud
- to comply with regulatory and legal obligations, and cooperate with law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence
- in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or shares (including in connection with any bankruptcy or similar proceedings)
Where we rely on legitimate interests as a lawful ground for processing your personal information, we balance those interests against your interests, fundamental rights and freedoms. For more information on how this balancing exercise has been carried out, please contact our Simon Emblin.
Automated Decision Making
The way we analyse personal data in relation to our services may involve profiling, which is processing your personal data using software that is able to evaluate your personal aspects and predict risks or outcomes. We may also use profiling, or otherwise employ solely automated means, to make decisions about you that relate to:
- credit and affordability assessment checks;
- identity and verification checks;
- anti-money laundering and sanctions checks;
- transaction monitoring for fraud and other financial crime, to prevent you committing fraud, or becoming a victim of fraud; and
- screening of individuals who may be classed as “politically exposed”.
This is known as “automated decision-making” and is only permitted when we have a legal basis for this type of decision-making. We may make automated decisions about you:
- where such decisions are required or authorised by law, for example for fraud prevention purposes; or
- where it is a reasonable way of complying with government regulation or guidance.
You have rights in relation to automated decision making, for example you can request that an automated decision is reviewed by a human being: if you want to know more please contact us using the details set out in the Contact Us section at the beginning of this Privacy Notice.
We may obtain consent to collect and use certain types of personal data when we are required to do so by law (for example, sometimes when we process sensitive personal data or when we place cookies or similar technologies on devices or browsers). If we ask for your consent to process your personal data, you may withdraw your consent at any time by following the unsubscribe instructions in our communications with you or by contacting us using the details set out in the Contact Us section at the beginning of this Privacy Notice or, if in relation to cookies or similar, via the cookie policy.
3. Disclosure of personal data
We will treat all your personal information as private and confidential (even when you are no longer an account holder). We will not reveal your name, address or any details of your relationship with us to anyone including other companies in our own group, other than in the following cases:
- Our third-party service providers. These may include for example:
- those we engage to host and maintain the website and our IT systems.
- analytics and search engine service providers that assist us in the improvement and optimisation of this website.
- payment processing service providers.
- those who assist us with or partner with us in marketing campaigns.
- SMS/Telephone provider.
- Credit reference agencies (see below at section 5);
- Third parties to which the benefit of your loan agreement(s) and/or the sums you owe to us may be transferred by us, in which case they will, under the terms of this Privacy Notice and subject to compliance with applicable law, be permitted to use personal data relating to you for the purposes described in this Privacy Notice;
- Third parties where we have a duty to or are permitted to disclose your personal information by law (e.g., government agencies, law enforcement, courts and other public authorities);
- Third parties where reasonably required to protect our rights, users, systems and services (e.g., legal counsel and information security professionals); and
- Any person you have asked us to share information with.
4. Sharing information to prevent crime or harm
We have systems that protect our customers and ourselves against fraud and other crime, including money laundering. Customer information can be used to prevent crime and trace those responsible.
As part of our ongoing monitoring of your account and to service your account, we have legal obligations that require us to obtain certain personal details to validate your identity, both at the beginning of your relationship with us and throughout it. If false or inaccurate information is provided by you, or if fraud or another financial crime is identified or suspected, we will obtain publicly available information, such as media reports or regulator publications, which may contain personal details about you such as any criminal convictions. If fraud or another financial crime is identified or suspected, we will be required to pass your personal data to fraud prevention agencies or other authorities for the prevention and/or detection of financial crime. We have legal obligations to pass this data to fraud prevention agencies and this is our legal basis for sharing personal data in this way.
The agencies we may share your personal data with are:
- The National Crime Agency.
- Action fraud.
- The Police.
- Her Majesty’s Revenue and Customs.
If we have reason to believe that you are in prison, we will obtain publicly available information, which may contain some of your personal data such as the name of the prison you are in and the length of your sentence, to update the information we hold about you and to manage your account in the most appropriate way.
If we have reason to believe that you are in immediate danger, we will pass your personal data, including any details we have about your physical or mental health, to the Police and other emergency services in order to protect your vital interests.
5. Credit reference agencies
We may perform credit and identity checks on you with one or more credit reference agencies and fraud prevention agencies. We will supply your personal data to the credit reference agencies and fraud prevention agencies, and they will provide us with information about you.
We will also continue to exchange information about you with credit reference agencies while you have a relationship with us. The credit reference agencies may in turn share your personal data with other organisations, which may be used by those organisations to make decisions about you. This may affect your ability to obtain credit.
We may also continue to collect information from credit reference agencies about you after we have ceased providing services to you, or a loan has been repaid.
When you apply for our services, you provide us with your explicit permission to access, process and retain any information you make available to us for the purposes of providing loan and payment services to you. This does not affect any rights and obligation you or we have under data protection legislation. You can withdraw this consent by notifying us. If you do this, we will stop using your data unless we have lawful grounds to do so (but this may affect our ability to provide our services). The agency that we approach will keep details of the type of search we request, even if your application with us does not proceed.
Other organisations may subsequently use the records and information held by the credit reference agency that we approach to carry out a credit search, including the details of a credit decision made about you or other persons associated with your application.
As well as using outside agencies to carry out credit and identity checks we will need to carry out our own credit checks to assess your applications for services with us or to check details relevant to your existing account with us. Where we do this, we may also use our own credit-scoring methods and carry out our own identity checks, including searching the Electoral Register.
We need to make these searches so that we obtain sufficient credit information to [make a proper assessment of how our services best provided and to help verify your identity]. Carrying out these searches helps to lessen the risk of fraud or other criminal activity taking place.
To help us form an accurate view of your existing financial commitments, searches made by us, or a credit reference agency, may “link” to the records of others that have entered into joint financial obligations with you (such as business partners and, if relevant, husbands, wives or other family members). Existing information held by credit reference agencies about you may be “linked” to other persons in this way. If so, you may be treated as financially “linked” for the purposes of any application you make to us, which means that you may be assessed in relation to joint obligations as well as those for which you are solely responsible.
We may give details of the loans that you have, and the way that you service your loans, to a credit reference agency. If you fail to comply with the conditions or the special conditions, we may tell a credit reference agency, and this may affect your ability to obtain financial services elsewhere.
Any of the information that we gather from a credit reference agency or our own research may be used by us for the management of our services to you, identification purposes, debt tracing and the prevention of money laundering.
We will check your details with fraud prevention agency/agencies and if false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations also access and use this information to prevent fraud and money laundering.
Please contact us on 0330 124 2629 or info@fscapitallimited.co.uk if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
You have a right to access records held by a credit reference or fraud prevention agency. If you ask, we will tell you how to get a copy of the information that credit reference agencies have about you, or their leaflets that explain how credit referencing works. You should contact them directly and there may be a small charge for this. We are happy to provide contact details for such agencies on request.
Sometimes we may be approached by another person requesting that we provide a financial reference about you. If this happens, we will contact you and ask you to provide your written permission to do this.
The Credit Reference Agency Information Notice (CRAIN) describes how the three main credit reference agencies in the UK each use and share personal data. The CRAIN is available on the credit reference agencies’ websites:
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
6. Where we store personal data
If you live in the EU (or the UK following Brexit), the personal data relating to you that we collect may be transferred to, and stored at, locations outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.
As described in this Privacy Notice, we may also share personal data relating to you with third parties who are located overseas, for business purposes and operational, support and continuity purposes, for example, when we use IT service providers or data storage services.
Countries where personal data relating to you may be stored and/or processed, or where recipients of personal data relating to you may be located, may have data protection laws which differ to the data protection laws in your country of residence. By submitting your personal data, you accept that personal data relating to you may be transferred, stored or processed in this way. We take measures to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests and in accordance with this Notice.
These measures include:
- Transfers of your personal data to countries which are recognised as providing an adequate level of legal protection for personal data;
- We have obtained the consent of data subjects to the international transfer of their personal data;
- Transfers to organisations where we are satisfied about their data privacy and security standards and protected by contractual commitments such as signing the Standard Contractual Clauses and, where available, further assurances such as certification schemes; and
- If transferred to the United States of America, the transfer will be to organizations that are part of the Privacy Shield.
You have the right to ask us for more information about our safeguards. Please contact the Simon Emblin (see the Contact Us section at the beginning of this Privacy Notice).
7. Changes of Business Ownership and Control
We may, from time to time, expand, reduce or sell our business, and this may involve the transfer of certain divisions or the whole business to other parties. Personal data relating to you will, where it is relevant to any division so transferred, be transferred along with that division to prospective buyers and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use personal data relating to you for the purposes.
8. Security and data retention
Security
Unfortunately, the transmission of information and data via the internet is not completely secure. Although we will do our best to protect personal data relating to you, we cannot guarantee the security of such data transmitted to the website; any transmission is at your own risk. Once we have received personal data relating to you, we use strict procedures and security features to try to prevent unauthorised access.
The security of personal data regarding you is a high priority. We take such steps as are reasonable securely to store personal data regarding you so that it is protected from unauthorised use or access, misuse, loss, modification or unauthorised disclosure. This includes both physical and electronic security measures. Examples include the use of passwords, locked storage cabinets and secured storage rooms. Other features include:
- storing information on secured networks consistent with industry standards, which are only accessible by those employees who have special access rights to such systems;
- using industry-standard encryption technologies when transferring or receiving personal data, such as SSL technology;
- restrictions are placed on the electronic transfer of files;
- our IT networks undergo regular necessary vulnerability testing to identify and remedy potential opportunities for unauthorised data access; and
- robust management of boundary firewalls, access controls, malware protection and patch release processes towards protecting customer data.
Retaining your data
We will keep your personal data for as long as we have a relationship with you. Once our relationship with you has come to an end (e.g. following closure of your account, repayment of all sums owing by you to us or following a transaction), we will only retain your personal data for a period of time that is calculated depending on the type of personal data, and the purposes for which we hold that information.
We will only retain information that enables us to:
- maintain business records for analysis and/or audit purposes;
- comply with record retention requirements under the law;
- defend or bring any existing or potential legal claims;
- maintain records of anyone who does not want to receive marketing from us;
- deal with any future complaints regarding the services we have delivered;
- assist with fraud monitoring; or
- assess the effectiveness of marketing that we may have sent you.
We have a retention policy which helps us ensure information is only held for the correct period. We then delete or de-identify your data. The retention period is generally linked to the amount of time available to bring a legal claim, which in many cases is six or seven-years following closure of your account or following a transaction. We will retain your personal data after this time if we are required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require your personal data to be retained, or for regulatory or technical reasons. If we do, we will continue to make sure your privacy is protected.
9. Your rights
You have certain rights regarding your personal data. These include the rights to:
- request a copy of the personal data we hold about you;
- request that we supply you (or a nominated third party) with an electronic copy of the personal data that you have provided us with;
- inform us of a correction to your personal data;
- exercise your right to restrict our use of your personal data;
- exercise your right to erase your personal data; or
- object to particular ways in which we are using your personal data (such as automated decision making, or profiling (for example to help us decide what products and services would suit you best); or
- understand the basis of international transfers of your data by us.
Where we rely on our legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests. Where processing is carried out based upon your consent, you have the right to withdraw that consent.
Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right does not apply to the particular data we hold on you.
You should note that if you exercise certain of these rights we may be unable to continue to provide some or all of our services to you (for example where the personal data is required by us to comply with a statutory requirement, or is necessary in order for us to perform our contract with you).
We ask that you contact us to update or correct your information if it changes or if the personal data, we hold about you is inaccurate.
Please contact the Simon Emblin if you wish to exercise any of your rights.
If you have a concern about the way we are collecting or using personal data relating to you, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.
10. Changes to this Notice
We review and amend our Privacy Notice from time to time. Any changes we make to this Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Notice. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the www.fscapitallimited.co.uk.
Last updated: 29 October 2019