Our policies and procedures are designed to comply with the Data Protection Act 1998 and we give you our commitment to process any personal information with your privacy in mind.
Any personal information you give to us will be processed in accordance with the UK Data Protection Act 1998 and the General Data Protection Regulations. We will only use the personal information provided to deliver the services you have requested, or for our lawful, disclosed purposes. We will not make your personal details available to other third parties without your consent, unless obliged by law.
We will never sell or rent your name or personal information to any third party without your permission.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. Such staff may be engaged in the provision of support services. In the event that we transfer information to countries outside of the EEA, we will only do so where:
• The European Commission has decided that the country or the organisation, entity or individual to whom we are transferring to or sharing your data and/or information with, will protect your information adequately;
• The transfer has been authorised by the relevant data protection authority;
• We have entered into a contract with the organisation, entity or individual with whom we are sharing your data and/or information (on such terms as approved by the European Commission), to ensure your information is adequately protected.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We may share your personal information within Ortus Secured Finance and these organisations:
• Agents and advisers who we use to help us run your accounts and services, collect what you owe, and explore new ways of doing business.
• HM Revenue & Customs, regulators and other authorities.
• Credit reference agencies.
• Fraud prevention agencies.
• If you have a secured loan or mortgage with us, we may share information with other lenders who also hold a charge on the property.
• Any party linked with you or your business’ product or service.
• Companies we have a joint venture or agreement to co-operate with.
• Organisations that introduce you to us.
• Companies that we introduce you to.
• Companies you ask us to share your data with.
There are many reasons we may collect your information, for example:
• Legal compliance.
• Contractual obligations.
We may collect personal information about you and/or your business from other companies from these data sources:
• When you apply for our products and services.
• When you use our websites.
• In emails and letters.
• Visual images and personal appearance (such as copies of passports or photo identification).
• When you talk to us on the phone.
• When you talk to us in a video recorded client interview.
• In financial reviews and interviews.
Where permitted by law or to fulfil our regulatory requirements, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks and with law enforcement and regulatory bodies.
If we have collected personal information or data from you it is usually used to:
• Facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements.
• Provide you with information relating to our products and services.
• Administer, operate, facilitate and manage your relationship and/or account with Ortus Secured Finance. This may include sharing such information internally as well as disclosing it to third parties.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and/or regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.
Under GDPR it is a requirement make you aware of your rights. These rights extend to:
• The right to request that your data is deleted, corrected/brought up to date;
• Request that your data is transferred to another party (this is part of the data portability requirement);
• That you have the right to complain to the Information Commissioner’s Office. Find out on their website how to report a concern – https://ico.org.uk/concerns.
When you visit or register on www.ortussecuredfinance.co.uk you may be asked to provide certain information about yourself including your name and contact details.