Asset Finance Compared™ and Midlands Asset Finance Limited (”We”) are committed to protecting and respecting your privacy.
For the purpose of the Data Protection Act 2018 (the Act), the data controller is Midlands Asset Finance Limited of 22 Maisies Way, The Village, South Normanton, Derbyshire DE55 2DS.
Our nominated representative for the purpose of the Act is Mrs Susan Chapman.
INFORMATION WE COLLECT FROM YOU
We will collect and process the following data about you:
- Information you give us. This is information about you that you give us by filling in forms on our site www.assetfinancecompared.co.uk (our site) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, subscribe to our service, search for a quote, and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, company name, financial and credit card information, personal description, description of assets required, and specification including term required, product type, deposit and supplier details if known.
- Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), quotes you viewed or searched for page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
- Information we receive from other sources. This is information we receive about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
- Credit searches By requesting a quotation on our website, You consent to Us sharing Your company and, if You are a director or owner of the company, Your personal data with credit reference agencies to carry out quotation searches on Your behalf. The quotation search is a soft search and will only leave a soft footprint on your credit file and can only be viewed by you. Where carried out, a record of the quotation searches will be recorded on Your credit report in the name of Midlands Asset Finance Limited, but will not be seen by other lenders. These searches will not affect Your credit rating and are undertaken to establish your residency and identity, to protect you for fraud prevention purposes. If You choose to pursue an offer with a third party funder, they may wish to perform a full credit search on You and/or Your business as part of their full application process. Full credit searches are recorded on Your credit reports and can be seen by other lenders.
- A full credit search may however be required by the funder as a condition of sanction of the facilities. For Sole Proprietorships or Partnerships, a full credit search will be required by the funder in order for the transaction to be formally credit approved. For Limited companies and LLP’s trading less than 3 years, full credit searches may be required on the directors for the transaction to be formally credit approved.
- If a full search is required this would be carried out by the third party funder and not by Midlands Asset Finance Limited. Please be aware that multiple full searches against either You or Your business may have an adverse impact on Your credit score.
- In order to process your application we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
Information you give to us. We will use information We hold about You and Your business for the purposes of helping find the most suitable finance offers for You and Your business. We will also use this information:
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
- to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. However, We will not share information about You with third parties for direct marketing purposes without Your consent. We may use Your contact information to send You marketing messages unless You have explicitly expressed a preference for Us not to. If You receive marketing communications from us, where appropriate, We will ensure You have the opportunity to unsubscribe or amend Your marketing preferences. To amend Your preferences at any time, please contact us via the details below: Asset Finance Compared™, 22 Maisies Way, The Village, South Normanton, Derbyshire. DE55 2DS, email [email protected] or log on to assetfinancecompared.co.uk. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the registration form);
- to notify you about changes to our service;
- to ensure that content from our site is presented in the most effective manner for you and for your computer.
- Should you wish to pursue an offer through us, we may ask for a copy of your identification, including but not limited to, a U.K passport, a U.K driving licence photocard and utility bill.
- Information we collect about you. We will use this information:
- to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep our site safe and secure;
- to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
- Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
DISCLOSURE OF YOUR INFORMATION
We will use information We hold about You and Your business for the purposes of helping find the most suitable finance offers for You and Your business.
Where appropriate, We may give such information to credit reference agencies, fraud – prevention agencies, finance providers, lawyers, auditors, and to law enforcement agencies (and their agents and contractors).
You agree that we have the right to share your personal information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- Selected third parties including:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users (for example, we may inform them that 500 plumbers aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, businesses in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
- analytics and search engine providers that assist us in the improvement and optimisation of our site;
- credit reference agencies for the purpose of assessing your credit score to enable us to issue an automated quote with the best deal available.
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
- If Midlands Asset Finance Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
WHERE WE STORE YOUR PERSONAL DATA
The initial provision of data collection, (through assetfinancecompared.co.uk), is stored on secure cloud-based server technologies. Data is also stored on physical, secure servers based at our premises. This is in instances where you provide us with personal data, (including but not limited to bank statements, identification, utility bills, and other media). We keep back-ups of our server for up to 30 days, in the interest of security and business continuity.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you, or where you have chosen, a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at [email protected].
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We operate under the Data Protection Act 2018 (‘DPA’) and the European General Data Protection Regulation (‘GDPR’).
The DPA and GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.
We must ensure that personal data shall be:
- a) Processed lawfully, fairly and in a transparent manner
- b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- d) Accurate and where necessary kept up to date
- e) Kept for no longer than is necessary for the purposes for which the personal data are processed. We operate a data retention policy that ensures we meet this obligation. We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so. For detail of our current retention policy contact our privacy officer at [email protected]
- f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
We ensure lawful processing of personal data by obtaining consent; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.
In the majority of cases we process personal data based on your contract with us. In other cases, we process personal data only where there are legitimate grounds for so doing.
To meet our Data Protection obligations, we have established comprehensive and proportionate governance measures.
We ensure data protection compliance across the organisation through:
- a) Implementing appropriate technical and organisational measures including internal data protection policies, staff training, internal audits of processing activities, and reviews of internal HR policies
- b) Maintaining relevant documentation on processing activities
- c) Implementing measures that meet the principles of data protection by design and data protection by default including data minimisation, pseudonymisation, transparency, deploying the most up-to-date data security protocols and using data protection impact assessments across our organisation and in any third party arrangements
Under the GDPR You have the following specific rights in respect of the personal data we process:
- The right to be informed about how we use personal data – This Privacy Statement explains who we are; the purposes for which we process personal data and our legitimate interests in so doing; the categories of data we process; third party disclosures; and details of any transfers of personal data outside the UK
- The right of access to the personal data we hold. In most cases this will be free of charge and must be provided within one month of receipt
- The right to rectification where data are inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request
- The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The right to restrict processing, for example while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but not further process it until such time as we have resolved the issue
- The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services
- The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is for necessary for the performance of a public interest task
- Rights in relation to automated decision making and profiling
Please contact our privacy officer at [email protected] for more information about the GDPR and your rights under Data Protection law.
If you have a complaint about data protection at Midlands Asset Finance, please contact our privacy officer at [email protected]
Alternatively contact our supervisory authority for data protection compliance: www.ico.org.uk:
Information Commissioner’s Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
ACCESS TO INFORMATION
The GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the GDPR. We will not charge you for providing the information but may charge you a reasonable fee for supplying any additional copies.
Last updated 24th May 2018.