Privacy policy
We understand that we have a responsibility to protect and respect your privacy and look after your personal data. This Privacy Policy explains what personal data we collect, how we use and store it, and the reasons we may need to disclose it to other parties. Data Protection law changed on 25 May 2018 when the General Data Protection Regulations (GDPR) came into force and this Privacy Policy sets out your rights under these laws.
Who are we?
We are General Asset Management Ltd T/As Accredo. Registered in England & Wales No. 04015712 at Mill Green House, Mill Green Road, Haywards Heath, RH16 1XJ.
For the data we collect and subsequently process, we are the “Data Controller”. This is a legal term which means that we make decisions about how and why we use your personal data. As the Data Controller, we are responsible for making sure that your personal data is used in accordance with applicable data protection laws and this Policy. When you provide your personal data to another party such as a finance broker who then discloses this information to us for the sole purpose of reviewing your finance application, we will process that data in accordance with this Policy. In these circumstances we are acting as the “Data Processor”.
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The reasons we process your personal data are:
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
- Contract: the processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract (e.g. to provide you with documentation regarding our products and services).
- Legal obligation: the processing is necessary for us to comply with our legal and/or regulatory obligations (e.g. HMRC reporting or Credit Reference Agencies).
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party (e.g. to market to you similar products and services in the future).
How do we collect personal data from you?
We receive and collect information about you when you use our website, complete our documents, communicate with us by phone, post, text, our App or email and from third parties such as credit reference agencies, fraud prevention agencies, agents working on our behalf and companies who have introduced you to us. Where your data is provided to us by a third party (for example, by a finance broker as part of your application for a finance facility) we require the third party to warrant that they rely on one of the above reasons to share your personal information with us. Calls to our offices are recorded and the recordings are used for quality and training purposes.
Cookie usage on our website
There are instances where we may use cookies to gather information regarding our services in a mathematical collection for our website. Any information collected will not have any identifying data. It is statistical data about our visitors and how they have used our site. No personal details will be shared that could identify you.
We may assemble information about your common internet use with a cookie file. When used, the cookies are downloaded to your computer automatically. The cookie is stored on the hard drive, with transferred information. The data sought by the cookie helps us improve our website and any service offered to you.
Your browser has the ability to decline cookies. This is done by setting your browser options to decline all cookies. Note: if you do decline the download of cookies, some aspects of our site may not work or allow you access.
Third party links on our website
Third party links may be discovered on our website. These third party links have their own privacy policy, which you agree to when you click on the link. We are not responsible nor do we accept responsibility for third party links. Our liability covers us only on our site, and thus we do not accept liability for third party links as we have no control over them.
What type of personal data do we collect from you?
We retain records of your queries and correspondence, in the event you contact us. The personal data that we may collect from you includes but is not limited to:
- Contact details such as names, phone numbers and postal / email addresses;
- ID verification information and copies thereof; this may include passport, driving licence, public record certificates, as well as dates of birth, address confirmation and signatures;
- Financial information such as bank/payment card details, payment histories, personal / business bank statements and company accounts;
- What we learn about you from verbal or written correspondence with you;
- Business details such as forecasts, business plans and CV’s;
- Information obtained from fraud prevention agencies and credit reference agencies including but not limited to associated contacts, address history, voters roll and financial information such as credit account data.
What do we use your personal data for?
We use information about you in the following ways:
- To process enquiries that you or a third party acting with your consent have submitted to us;
- To comply with any contractual obligations such as administering and managing your account as well as to trace and recover debts;
- To meet our legal and regulatory requirements;
- To help us identify you, any accounts you hold with us and keep this information up to date;
- To provide customer care, including responding to your requests if you contact us with a query;
- To share your personal data with certain third party service providers such as payment services and credit reference agencies (CRAs). This information may be shared by other organisations by the CRA.
- To detect and prevent criminal activity such as fraud and to verify what you have told us is correct we may perform identify checks, anti-money laundering checks and checks with Fraud Prevention Agencies (FPAs)
- To notify you about changes to our website, services or terms and conditions;
- To enable us to review, improve and provide you with information about our products and services which we feel may interest you;
- To deal with requests from you to exercise your rights under data protection laws
How long will we keep your personal data?
We will retain your data only for as long as necessary in accordance with applicable laws. We may keep your data for up to seven years after your contract with us has ended as we may not be able to delete your data before this time due to our legal and/or accountancy obligations. For our protection, certain data relating to criminal activity and fraud will be kept indefinitely.
We will retain your personal information for longer than seven years where you do not object or opt-out of receiving email marketing communication from us about similar products and services. In this case we will store your personal information until you object or opt-out.
Who has access to your personal data?
At times we may disclose personal data to persons in our group of companies. This can include subsidiaries, holding companies, or any other subsidiaries involved in our business. We do not give or sell your personal data to third parties for marketing or advertising purposes but third party disclosure may occur for the following reasons:
- When we are legally required to do so by law enforcement agencies and government or regulatory bodies;
- To agencies that help in fraud prevention including credit reference agencies;
- To allow auditors to complete their regulatory and contractual requirements;
- For the provision of services on our behalf (for example processing card payment and direct debit transactions);
- Should we sell any or all of our business to a third party;
- Companies we have a joint venture or agreement to co-operate with and companies you ask us to share your data with.
Your rights
Under data protections laws you have a number of rights in relation to the collection and use of your personal data. These are
- The right to access to the information we hold about you;
- The right to rectification so you can have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
- The right to erasure - You have the right to request that we delete your personal data from our records.
- We will not be able to delete your personal information whilst we are still providing our services to you. This right is not absolute and requests for erasure may be refused in some circumstances such where the personal data must be retained to comply with a legal obligation, to exercise/defend legal claims or to prevent financial crime.
- The right to restrict how we use your personal information;
- The right to object to the collection and use of your personal information at any time;
- The right to obtain a copy of your personal data in a legible and compatible format such as Excel or Word.
The majority of ways we process your personal data are not based on your consent and is instead based on other legal reasons (as set out above). Where our processing is based solely on your consent you have the right to withdraw your consent for future processing at any time. You should be aware that preventing the use or processing of your personal data may mean that we are unable to provide our services to you. If we are acting as the Data Processor for the data you provided to another Data Controller you should also contact them to withdraw your consent.
You can exercise your rights by writing to us at the post or email address below stating what information you require and we will respond to you within a month.
Updating your personal data
You should notify us of any changes to your status, contact and payment details without delay in order that the data we hold for you is kept up to date at all times.
Where do we store your personal data?
The transmission of information via the email and the internet is not completely secure, we cannot guarantee the security of your data transmitted to us and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
All personal data you provide to us is stored on servers within the EEA. From time to time, your data may be transferred to and stored in a country outside the EEA in relation to provision of the services. The laws in these countries may not provide you with the same protection as in the EEA but the service provider will take steps to ensure that the necessary levels of protection are in place. This may include measures such as entering into a written agreement with us to provide a contractual undertaking that they will keep your personal information secure. By providing your personal data to us, you agree to this transfer and storage.
How do I lodge a complaint about the use of my personal data?
You can lodge a complaint about the use of your personal data directly with us or with the Information Commissioner’s Office (ICO). The ICO are the regulator who makes sure that we use your personal information in a lawful way. You can do this at www.ico.org.uk or by calling 0303 123 1113.
Contact us:
Please feel free to contact us by any of the following means:
Email: customerservices@accredo.co.uk
Phone: 01444 255915
Post: Accredo, Mill Green House, Mill Green Road, Haywards Heath, RH16 1XJ