Claratus Commercial Finance Limited (‘Claratus’) provides Asset Finance & Alternative Financing to our clients.
We need to collect personal data from our clients, introducers, lenders and other contacts to ensure we can provide these services.
Your privacy is important to us and it is our policy to respect the confidentiality of information and the privacy of individuals. This notice outlines how we as a data controller, manage your personal information (‘personal data’). It also details your rights in respect of our processing of your personal data. This Privacy Notice may be updated from time to time.
Claratus has implemented appropriate technical and organisational measures to comply with applicable data protection legislation including; internal data protection policies, staff training, internal audits of processing activities, and reviews of internal HR policies.
What kind of personal data do we collect about you?
We collect information necessary to fulfil our obligations to our clients, introducers and lenders in the course of proving asset and alternative financing solutions.
Some of this data is submitted to us in application or declaration forms and identification documents, and may include the following types of data; name, address and contact details, date of birth and gender, profession and employment details, information about your income or financial statements, asset and liabilities, payment history, bank details, location data and any other similar information.
We may occasionally collect sensitive personal data about you such as racial or ethnic origin. We only collect and further process this type of data, where you have given your explicit consent.
If you provide us with any personal data relating to a third party (e.g. information of your spouse, children, parents), you represent to us by providing the data to us, that you have obtained prior consent from that person.
How do we collect your data?
Generally, we collect personal data in the following ways;
- when you submit an application or declaration form in relation to a credit search;
- when you interact with our employees, for example, via telephone calls, letters, face-to-face meetings and emails;
- when you use some of our services, like our websites
- when you request that we contact you, be included in an email or other mailing list;
- when you respond to our initiatives or to any request for additional personal data
Do we make automated decisions concerning you?
We do not carry out automated profiling on you; however we may send your details to a credit reference agency that may then use automated profiling. This may be used to determine that the customer is not approved for credit, or the amount applied for, the customer poses a fraud, terrorism or money laundering risk; or the customer has hidden its identity.
You have the right to object to automated profiling and you will be notified prior any automated profiling being carried out.
What legal basis do we have for using your information?
The law on data protection allows us to only process your data for certain reasons:
- in order to perform a contract that we are party to,
- in order to carry out legally required duties,
- in order for us to carry out our legitimate interests,
- to protect your interests and,
- where something is done in the public interest.
All of the processing carried out by us falls into the first three permitted reasons, for example; for the performance of a contract we have entered into with clients, lenders or introducers or in order to comply with our duties under FCA rules. This includes our obligation to verify the identity of clients and to maintain records of regulated businesses.
For prospective clients, lenders and introducers, and other third parties, our processing is also necessary for our legitimate interests in that we need to collect this information in order to contact these individuals prior to entering into a contract or providing our services.
For example, we may collect information from online enquiries, quotes and referrals. Some of this information is also collected from publicly available information, from market research and purchased data.
Before undertaking credit reference searches, or before we collect sensitive personal data, you will always be asked for your explicit consent. You have the right to withdraw that consent at any time by contacting us using the contact details below.
If you do not provide the personal data necessary, or withdraw your consent, we may not be able to provide you with the financing or services you are looking for.
How long do we keep this information for?
Your personal data is kept for the minimum time to fulfil the purposes for which it was collected or otherwise to meet statutory requirements.
If we cannot obtain finance for you or we no longer have a relationship with you, we will ensure all data is deleted within 12 months.
Disclosure of your personal data
We may share your data with selected third parties including:
- a lender for the purpose of a finance agreement,
- a credit reference agency or other verification company to conduct checks on you to verify the information you have provided
- third party service providers who process this data on our behalf to help run some of our internal business operations, for example IT services.
Where we share your data with third parties we ensure that your data is held securely and in line with GDPR requirements.
Where your data is sent to a credit reference agency or other verification company, you will be asked for your explicit consent beforehand.
How do we store and protect personal data?
Safeguarding the privacy of your data is important to us, whether you interact with us personally, by phone, mail, over the internet or any other electronic medium.
We hold personal data in a combination of secure computer storage facilities and paper-based files and other records, and take steps to protect the personal data we hold from misuse, loss, unauthorised access, modification or disclosure. We have a detailed data protection policy and procedure in place and conduct relevant training to employees to ensure that all employees understand their obligations.
We have adequate IT Security arrangements in place to ensure your personal data is held securely. However, the internet is an open medium and we cannot guarantee that any data you send to us by email or via our sites will not be intercepted or tampered with; any transmission is at your own risk.
Where you have opted out of receiving marketing communications we will hold some of your details on our suppression list so that we know you do not want to receive these communications.
Your rights as a data subject
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
- the right to portability. You may transfer the data that we hold on you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
You can read more about these rights here; https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Transfers outside the EEA
We may transfer your personal information outside the European Economic Area (EEA), but this should only be to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission. We may also pass your details onto Lenders who may transfer your data outside of the EEA. The data protection policy of the particular lender will be visible on their website and will either be provided in advance of an application for finance, once an application has been made or you will be able to contact the lender directly to obtain if required.
Access to personal information about you
As mentioned above you have the right to request a copy of the personal data we hold about you. If you would like a copy of some or all of this data you may contact us by telephone on 0207 264 2200 or you may write to us at our registered office address: Claratus Commercial Finance Limited, 150 Minories, London, EC3N 1LS.
If you have any queries regarding privacy issues or the content of this privacy notice, you can email us on email@example.com or write to us at: Claratus Commercial Finance Limited,150 Minories, London, EC3N 1LS or call us on 0207 264 2200.
What if you have a complaint?
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set above. If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.