A copy of the new Data Protection Statement is below for you to read. This replaces the existing statement you signed up to when you opened your account.
Your personal data is data which by itself or with other data available to us can be used to identify you. Where two or more people are named, this data protection statement applies to each person separately.
The Personal Data we collect about you
Personal data collected, used, stored and transferred to us may include:
- Identity Data including forenames, last name, and username or similar identifier
- Contact Data including office address, email address and telephone numbers
- Financial Data including payment card details,
- Technical Data including internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used to access our website
- Biometric Data
How we collect your personal data?
Personal data is collected by us using the following methods
- Direct interactions with our staff by post, phone, email or
- Automated technologies or interactions with our website, by using any web enquiry form or quotation engine, processing identity, Contact, Financial and Technical categories or personal data
- Third parties or publically available sources.
How we use your personal data?
We use your personal data in the following circumstances:
- To initially engage with you when you interact with us
- To manage our relationship with you which will include;
- E-mails, calls and other communications on your file
- To manage and perform your transaction and perform our contract with you
- To update our records
- To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
- To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
- As necessary for our own legitimate interests or those of other persons and organisation e.g.
- For good governance, accounting and managing and auditing our business operations;
- To monitor emails, calls, other communications on your transaction
- To grow our business
- As necessary to comply with legal obligation e.g.
- When you exercise your rights under data protection law and make requests;
- For compliance with legal and regulatory requirements and related disclosures;
- For establishment and defence of legal rights;
- For activities relating to the prevention, detection and investigation of a crime;
- To verify your identity, fraud prevention and anti-money laundering checks; and
- To monitor emails, calls, and other communications, and activities on your account
We will only use your personal data for the purposes stated above, unless we reasonably consider that we need to us it for another reason and it is compatible with the original purpose. Please contact us for an explanation as to how any new processing compatible with the process.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so. Please also note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is permitted by law.
We’ll tell you if providing some personal data is optional, including if we ask for your consent to process it.
Monitoring of communications
Subject to applicable laws, we’ll monitor and record your calls, emails, text messages, social media messages and other communications in relation to your dealings with us. We’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane contents, for quality control and staff training, and when we need to see a record of what’s been said. We may also monitor activities on your account where necessary for these reasons and this is justified by our legitimate interest or our legal obligations.
You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.
Sharing of your personal data
Subject to applicable data protection law, we may share your personal data with:
- Lenders. As part of the transaction process and as part of contractual requirements for Lender for the provision of panel audit information;
- Subcontractors and other persons who help us provide our products and services;
- Companies and other persons providing services to us;
- Our legal and other professional advisors, including our auditors;
- Government bodies and agencies in the UK and overseas (e.g. HM Revenue & Customs (‘HMRC’) and HM Land Registry) who may in turn share it with relevant overseas tax authorities and with regulators (e.g. the Solicitors Regulation Authority):
- Courts, to comply with legal requirements, and for the administration of justice;
- In an emergency or to otherwise protect your vital interests;
- To protect the security or integrity of our business operations;
- To other parties connected with your transaction e.g. guarantors, occupiers, giftors and other people named or involved in your transaction
- When we restructure or sell our business or its assets or have a merger or re-organisation;
- Market research organisations who help to improve our products or services;
- Payment systems (e.g. Visa or Mastercard)
- Anyone else where we have your consent or where it is required by law.
Your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection.
Identity verification and fraud prevention checks
The personal data we’ve collected from you at the initial point of contact or at any stage will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services.
You will also have the choice to opt-in to receiving marketing information and services.
You can opt-out of receiving these types of communications at any time.
How long is your personal data retained?
The following criteria are used to determine data retention period for your personal data:
- Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries. Once the transaction has completed we will retain your data and file for six years as is required.
- Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims again us
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We also limit access to your personal data to only those Alexander JLO and group company employees, appointed representatives, advisors, business partners and suppliers who have a business need to know. They are also subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your legal rights regarding your personal data
Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018):
- The right to be informed about our processing or your personal data;
- Request access to your personal data
- Request correction of the personal data if it is inaccurate and have incomplete data completed
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal
- Request the transfer of your personal data to you or to a third party
- Withdraw consent at any time where we are relying on consent to process your personal
If you are not satisfied with how we have responded to your enquiry you have the right to complain to the Information Commissioners Office. It has enforcement powers and can investigate compliance with data protection law. Their website is www.ico.org.uk.
Data anonymisation and aggregation
After these retention periods if there is no other on-going client relationship your personal data may be converted into a statistical or aggregated data which can’t be used to identify you, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.