Privacy Policy

Business Loans Company a trading name of Wiseman Finance Limited T/as and needs to gather and use certain information about individuals.

This can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact. This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.

Why this policy exists

This data protection policy ensures Wiseman Finance Limited;

Data protection law

The General Data Protection Regulations describe how organisations — including Wiseman Finance Limited T/as — must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically or otherwise.

To comply with the law, personal information must be;

Record Keeping:

A range of information must be detailed in our internal records of processing activities. Such areas include;

Wiseman Finance Limited T/as ensure that records of these activities are kept and are updated accordingly. Individuals’ data is kept on file for 6 years in line with the Financial Conduct Authorities record keeping rules. After which point, personal data is retracted to the point it is unidentifiable and used for statistical purposes only.

Lawful Basis for Processing Data

Under GDPR, it is a requirement that Wiseman Finance Limited T/as has a valid lawful basis to process personal data, this should be documented. Most lawful bases require that processing is ‘necessary’.

The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever Wiseman Finance Limited T/as process personal data:

Processing is lawful under GDPR as:

(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

Wiseman Finance Limited T/as has chosen this basis for processing data as it is requested from the individuals that we capture data before entering into a contract (e.g. provide a quote for finance).

Responsibilities

Wiseman Finance Limited T/as acts as a data Controller and data Processor. All staff are responsible for ensuring that the highest data standards and best practices are met on a continual basis.


Data Protection Impact Assessments (DPIA)

Wiseman Finance Limited T/as has a general obligation to implement technical and organisational measures to demonstrate that data protection is integrated into our processing activities. A Data Protection Impact Assessment is conducted each time Wiseman Finance Limited T/asconsider implementing using new technologies.

The DPIA will pertain at least;

Individuals Rights

Individuals now have more rights under GDPR, Wiseman Finance Limited, these are;

Wiseman Finance Limited T/as provide every customer with a Privacy Notice at the point data is captured.

The information supplied in this notice demonstrates how Wiseman Finance Limited T/as is transparent over our data processing. The notice is;

The Data Controller, the lawful reason for processing data, if any third parties have legitimate interests, categories of personal data, categories of recipients such as banks and credit unions, the data retention periods,

The individuals’ rights; including the right to withdraw, where the individual can complain about how the data is processed with a supervisory authority, source of data when it comes from a third party and where personal data is part of a contractual requirement or obligation.

Sharing Of Data To Third Parties

Sharing of your personal data

Subject to applicable data protection law we may share your personal data with:

Using your personal data: the legal basis and purposes


We’ll process your personal data:
1. As necessary to perform our contract with and source products that meet your needs:
a. To take steps at your request prior to entering into it;
b. To manage and perform that contract;
c. To update our records; and
2. As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
a. For good governance, accounting, and managing and auditing our business operations;
b. To search at credit reference agencies (CRA’s) at your home address;
c. To monitor emails, calls and other communications;
d. To send you marketing communications
3. As necessary to comply with a legal obligation, e.g.:
a. When you exercise your rights under data protection law and make requests;
b. For compliance with legal and regulatory requirements;
c. For establishment and defence of legal rights; and
d. For activities relating to the prevention, detection and investigation of crime;
e. To verify your identity, make credit, fraud prevention and anti-money laundering checks;
4. Based on your consent, e.g.:
a. When you request us to disclose your personal data to other people;
b. To send you marketing communications where we’ve asked for your consent to do so.
You’re free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.

Rectification

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If Wiseman Finance Limited T/as has disclosed the personal data in question to third parties, then we will inform them of the rectification where possible.

Wiseman Finance Limited T/as will respond to this request within one month or extended by two months where the request for rectification is complex.

Erasure

Individuals have a right to have personal data erased and to prevent processing in specific circumstances;

Under the GDPR, this right is not limited to processing that causes unwarranted and substantial damage or distress. However, if the processing does cause damage or distress, this is likely to make the case for erasure stronger.

Wiseman Finance Limited T/as may refuse to comply with a request for erasure where the personal data is processed for the following reasons;

If Wiseman Finance Limited T/as has disclosed the personal data in question to third parties, a notification will be sent, informing them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so.

Restrict processing

Wiseman Finance Limited T/as will restrict the processing of personal data in the following circumstances;

Portability

For personal data an individual has provided to a controller; where the processing is based on the individual’s consent or for the performance of a contract; and when processing is carried out by automated means, Wiseman Finance Limited T/as must provide the personal data in a structured, commonly used and machine-readable form. Open formats include CSV files. Machine readable means that the information is structured so that software can extract specific elements of the data. This enables other organisations to use the data.

Wiseman Finance Limited T/as must provide this service free of charge.

If the individual requests it, we may be required to transmit the data directly to another organisation if this is technically feasible. Wiseman Finance Limited T/as will respond without undue delay, and within one month or extended by two months where the request is complex or receive many requests.

Objecting

If an individual has objected to processing data or direct marketing, Wiseman Finance Limited T/as will cease to process the data.

Individuals must have an objection on “grounds relating to his or her particular situation”.

Wiseman Finance Limited T/as will stop processing the personal data unless;

Direct marketing purposes

As soon as an objection is received, Wiseman Finance Limited T/as will stop processing personal data for direct marketing purposes. This will be actioned at any stage and is free of charge.

As Wiseman Finance Limited T/as offer an online presence, www.wiseman.finance ; we offer a way for individuals to object online.

Automated decision making including profiling

Wiseman Finance Limited T/as understand that any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse, or predict that person’s performance at work, economic situation, location, health, personal preferences, reliability, or behaviour falls under this right. Where this is conducted, the rules and guidance of the ICO will be adhered to and followed. To date, Wiseman Finance Limited T/asdoes not conduct automated decision making including profiling.

Subject Access Requests (SAR)

Individuals who are the subject of personal data held by Wiseman Finance Limited T/as are entitled to;

Confirmation that their data is being processed;

Wiseman Finance Limited T/as will provide a copy of the information free of charge. However, a ‘reasonable fee’ may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive.

A reasonable fee may also be charged to comply with requests for further copies of the same information. The fee is based on the administrative cost of providing the information only.

Once the identity of the person making the request has been verified, the information will be provided within 1 month, this will be extended to 2 months if the request is complex. Notification will be made to the individual if this is the case.

Complaints

It is made clear that data subjects who wish to complain about how their personal data has been processed can raise this with Wiseman Finance Limited T/as complaints procedure. If the data subject is still not happy, then the complaint can be referred to the Information Commissioners Office.

Data Security and Storage

When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see or have access to it. These guidelines also apply to data that is usually stored electronically but has been printed out for some reason;

When not required, the paper or files should be kept in a locked drawer or filing cabinet. Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer; data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts;

The point that personal data is accessed is when it can be at greatest risk of loss, corruption, theft, unlawful access, Wiseman Finance Limited T/as will;