Privacy Policy

 

We ask that you read this Privacy Policy carefully as it contains important information regarding your personal information. The Privacy Policy describes the categories of personal information we will process and the purposes for processing. Shire ensure that the collection and usage of your personal information is done in accordance with the General Data Protection Regulation (GDPR) and its requirements.

This Privacy Policy will come into effect on 25th May 2018.

1.   Introduction

1.1 Shire Invoice Finance Limited (“Shire”) takes your privacy seriously, in this Privacy Policy you can find out more information about your privacy rights and how Shire gather, use and share your personal information. This will include personal information we collect directly from you, a third party or information we already hold about you.

1.2 Shire’s Data Protection Officer (“DPO”) can answer any queries you might have regarding your personal information or if you wish to exercise any of the rights mentioned within this Privacy Policy. Please contact our DPO by email at

info@shireinvoicefinance.co.uk, by telephone at 01827 300310 or by post at 1 Calico Business Park, Sandy Way. Amington, Tamworth, Staffordshire, B77 4BF.

For more information about your rights please see Section 10.

1.3 This Privacy Policy contains up to date information about how Shire uses your personal information, this policy will update any previous information about how we process and use your personal information.

2.   About Shire

2.1 When Shire collect and use personal information about you we become responsible for this information. When we do this we are regulated by the GDPR. Under this regulation Shire is known as a ‘data controller’ of that personal information.

2.2 By personal information, we mean information which can be used to identify you. For the purposes of this privacy policy, where we refer to “You” or “your” we are referring to individuals whose information we process, this includes business owners and any key personnel from the party making the application or entering into an agreement.

 

3.    How we collect personal data

3.1 Shire will obtain personal information:

  • Directly from yourself, from e.g. order form/application documents/telephone/email;
  • Through the course of an agreement either directly from you, your association or with a business supplier/brokers who introduce you to us;
  • From third party organisations such as Credit Reference Agencies (‘CRAs’) and Fraud Prevention Agencies (‘FPAs’);

Shire may also obtain personal information from either monitoring or recording calls. We will record and monitor telephone calls for training, auditing, resolving queries and issues and to improve overall quality and service delivery. When we process your personal information this will be either for our own legitimate interest, to comply with out legal obligations, to before a contract with you or where we ahve your consent as set out in Section 6.

 

3.2 In the course of dealing with your application and any subsequent agreements you enter into we may collect the following personal information:

  • Your title, full name, contact details, email address, home and mobile telephone numbers;
  • Your home address and address history, together with information about your occupier status, whether you are a tenant, live with parents or are an owner occupier;
  • Your date of birth;
  • Your occupation, job title and employment details;
  • Your personal identification i.e. a passport or a driving license;
  • Your nationality if this is necessary for us to comply with our legal and regulatory requirements;
  • Your bank details;
  • Your solvency and/or litigation history;
  • Personal information obtained from third parties such as credit reference or fraud prevention agencies and publicly available sources of information such as the electoral roll and court records of debt judgements and bankruptcies;

Those making an application should not share any other individual’s personal information with us except where they have shown them a copy of this privacy policy and obtained their confirmation that they know you will share it with us for the purposes described.

Depending on how you make your application we may collect this information directly or indirectly.

 

4.   How we use your personal information

4.1 In order for Shire to provide you with any products or services we will need to process your name, address, date of birth and email address. In certain circumstances we may be required to obtain additional personal information about you.

 

4.2 To consider an application and processing, we will use:

Your contacts details, these include; your name, address, email address, telephone number and date of birth.

We process and use this personal information to comply with legal obligation, to perform a contract and for our own legitimate business interest.

 

4.3To make a credit decision about you we will use:

  • Information you provide to us directly,
  • Information we receive from third party credit reference and fraud agencies,
  • Information we obtained through the course of an agreement or previous agreements, and
  • Information we receive from third parties.

For this purpose of processing Shire will share your personal information with CRA’s and FPA’s. The information could be used for:

  • Credit Reference Agencies (CRA’s) will add a search footprint onto your credit file when we have conducted a credit search, this may be seen by other lenders.
  • If you are making a joint application, or tell us you have a spouse or financial associate Shire and the CRA’s or fraud prevention agencies (FPA’s) may link your records together. This means that each other’s personal information (including information the CRA or FPA already holds) will be taken into account with all future credit applications by either or both of you. These links will remain on your and their files until such time as you or your partner successfully files for a ‘disassociation’ with the CRAs to break that link. Therefore you should make sure you discuss this with them and share this Privacy Policy, before lodging an application.
  • We might add to your CRA or FPA records about details of your agreements, this may include any defaults or failure to keep to the terms of your agreement and when a payment is overdue.
  • CRA’s or FPA’s could pass this personal information onto other companies who have no relation to us who conduct either credit or fraud prevention checks.

We process and use this personal information in order to comply with our legal obligations and for our own legitimate business interest.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at

http://www.experian.co.uk/crain/index.html CRAIN is also accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:

Callcredit https://www.callcredit.co.uk/crain;

Equifax https://www.equifax.co.uk/crain.html;  Experian http://www.experian.co.uk/crain/index.html.

Download a list of the CRA’s and FPA’s Shire uses.

 

4.4 Where we share information with a Funder, we will use:

Your contacts details, these include; your name, address, email address, telephone number and date of birth.

In considering your application we or our funders to whom we may assign or broker our agreement may conduct CRA or FPA checks. More information in regards to CRA’s and FPA’s are listed in Section 4.3.

We process and use this personal information to comply with our legal obligations and for our own legitimate business interest.

 

4.5   To fulfil or comply with our legal obligations, to prevent financial crime, including  fraud and money laundering we will use:

  • Information you provide us directly, and
  • Information we receive from third party CRA’s and FPA’s

This personal information will only be used where it is necessary for us to comply with a legal obligation or for our own legitimate business interest. The personal information will include, name address, date of birth and nationality.

We will provide personal information to and receive personal information from third parties such as CRA’s and FRA’s where it is necessary to meet our legal obligations. This may also include the police and other law enforcement and government agencies.

4.6  To administer payments we will use:

 

Your contact details and the payment details that you have provided to us. We may provide your data to a third party payment provider to process the payment.

We process and use this personal information for our own legitimate business interest.

4.7  To operate and administer our products and services, including dealing with your complaints and fixing our mistakes, we will use:

Your contacts details, these include; your name, address and date of birth.

We may share your information we use for this purpose with third parties who help us verify your contact details.

We process and use this personal information to comply with legal obligation, to perform a contract and for our own legitimate business interest

4.8  To comply with our legal obligation, to support our vulnerable customers:

Information you give us that identifies a vulnerability, such as a health condition.

We will give information to and receive information about a vulnerability from third parties where it is necessary to meet our legal obligations, for example from the police or someone acting on your behalf.

Where we process medical personal information that you have provided to us we will only hold this information once we have obtained your explicit consent to do so.

4.9  For debt recovery purposes, we will use:

Your contact details, these will include your name, address and date of birth.

Shire will give your personal information to and receive information from third parties where it is necessary to recover debts due by you to us, Third parties may include, debt recovery agents, CRA’s, Courts, bailiff services, Land Registry, professional advisors and process servers.

4.10  To carry out audit, good governance and analysis to develop and improve our products and services, we will use:

Your contact details, these will include your name, address and date of birth, identification and your email address.

We process and use this personal information to comply with legal obligation contract and for our own legitimate business interest.

4.11  To market products and services to you, we will use:

We will market directly to you or where your employer has taken out a product using the contact details either you or them have provided to us unless you have opted out.

We process and use this information for our own legitimate business interest. You have the right to object to Shire’s direct marketing at any time.

4.12  To record telephone calls:

Shire may also obtain personal information from either monitoring or recording calls. We will record and monitor telephone calls for training, auditing, resolving queries and issues and to improve overall quality and service delivery. When we process your personal information this will be either to comply with a legal obligation, to perform a contract or for our own legitimate business interest as set out in Section 6.

 

5.    Automated decision making

5.1 Sometimes we use your personal information in automated processes to make decisions about you, such as credit scoring. We might also use automated processes to create a profile of you. We do this to help ensure decisions are made accurately, fairly and efficiently. Decisions Shire makes solely on automation do not result in a rejected decision.

 

Credit Scoring

Where you are a sole trader or a partner in a partnership Shire will use automated decision making using your personal information to conduct credit scoring – this evaluates your financial profile.

In order to undertake credit scoring we use the information you have provided to us and information we obtain from CRA’s.

We use credit scoring to make decisions about you such as whether we will enter into an agreement to provide a product or service to you.

To find out information about your rights in relation to automated decision making please see details found in Section 10.

 

6.    Our legal basis for processing your personal information

6.1 Shire will only use your personal information where it is permitted by law that protects your privacy rights. When you apply for finance or enter into a finance/trading agreement with us we will use your personal information where:

  • It is fair to use the personal information either in our interests or someone else’s interests, where there is no disadvantage to you – we refer to this as legitimate business interest,
  • We need to use the information to perform a contract with you,
  • We need to use the information to comply with our legal obligations; and
  • We have your consent (if consent is needed).

Where we have your consent, you have the right to withdraw this. Shire will let you know how you can do this at the time we gather your consent.

 

7.    Sharing your personal information

7.1 Who we share your personal information with is dependent on the products or services we provide to you. For the majority of our products and services we will share your personal information with our funders, brokers, suppliers, CRA’s and FPA’s. For more information on how we use your personal information please see Section 4.

7.2 The personal information we have about you usually is gathered from you direct or through the course of an agreement, from public domain or third parties. In some circumstances we will transfer and obtain personal information from third parties where it is necessary for purposes such as credit checking and fraud prevention or for marketing purposes.

For more information on who we share data with please download a list of the third parties we share your personal information with and links to their privacy policies here.

 

8.    Keeping your personal information secure

8.1 Shire have adopted appropriate security measures to ensure your personal information remains secure. This prevents your personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

8.2 We also have procedures in place to deal with any suspected information security breach. We will notify you and any applicable regulator of a suspected information security breach where we are legally required to do so.

 

9.    Transferring information outside of the European Economic Area

9.1 In providing our products and services to you we may transfer your personal information outside the European Economic Area (‘EEA’). Any transfer of your personal information will be in accordance with our legal obligations to ensure the safeguarding of your personal information during such transfer. If you would like more information or the details of the safeguards we have in place to protect your personal information please contact our DPO using the details set out in Section 1.

10.   Your rights

10.1 Under the GDPR you have a number of rights in terms of how we use your personal information. You have the right to object how we use your personal information. You also have the right to access the personal information we hold about you. You can also ask us to delete, restrict or correct any inaccuracies in your data in addition to requesting some of your information is provided to a Third Party.

 

10.2     Right to Object

 

You have the right to object how we use your personal information. This means you may object at any time to processing of personal information for direct marketing and decisions being made by automated means in addition to data being processed in certain other situations. If you would like to make an objection please contact our DPO with the reasons for your objection.

 

10.3     Right of Access

 

This allows you access to your personal information and to certain other supplementary information that this Privacy Policy is already designed to address. You can request access to a copy of your personal information that we hold in addition to why we use it, how long we keep it for, who we share it with and whether it has been used for any automated decision making. This will be provided to you in an electronic format from a secure portal or hard copy. We may ask for additional information in relation to your identity for security reasons before providing any information.

 

10.4      Right to Rectification 

 

This gives you the right to request Shire to change or complete any incorrect or partial information we hold about you.

 

10.5      Right to Erasure

 

This gives you the right to erase personal information that we hold about you where it is no longer necessary for us to use or keep the information, you have withdrawn consent or if we have no legal basis to keep the data.

 

10.6      Right to Portability

 

This gives you the right to transmit some of the personal information we hold about you to a third party. The information can either be provided to you in a commonly used, machine-readable format or can be provided to the third party direct. This only applies to personal information you have given us direct, if it is for the performance of a contract, based on consent or when processing is done by automated means.

 

10.7      Right to Restriction

 

You have the right to restrict how we process your personal information in circumstances where you have exercised your right to object, rectification or erasure.

 

If you would like to exercise any of your rights listed above, please contact our DPO using the details listed in Section 1. Please provide us with the following:

  • Enough information to identify you, including proof of identity and address (passport, driving licence and a utility bill),
  • Any information that your request relates to, including any account or reference numbers.

For further information on each of your rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulation.

 

If you would like to exercise any of these rights please contact our DPO at the address listed in Section 1.

11. Personal information retention

11.1 The length of time we keep your personal information for is dependent on how the information is used and recorded. Shire will never retain your personal information for longer than necessary for the purposes we require it for. Generally this will be up to seven years after the end of the agreement or application in order to comply with our legal obligations.

If you would like more information about how long we keep your data please contact our DPO using the details listed in Section 1.

 

12. Your online activities

12.1 Shire uses cookies to track your use of our website:

www.shireinvoicefinance.co.uk

 

More information about cookies

A cookie is a small file which is sent to your browser and stored on your computer’s hard disc and enables us to track and understand your usage of our website and where we can make improvements to the information and services we provide to you. We use cookies solely to gather information on IP addresses, administer the website and track your movements on the website. For more information about blocking the use of cookies, please refer to the guidance on your internet browser.

Please note you may not be able to use or access certain areas of our website if you block all cookie usage.

 

13. How to make a complaint

13.1 If you are unhappy with how we process and use your personal information you can make a complaint directly to us, you can do this by contacting our DPO with the details listed in Section 1.

13.2 We hope that we can resolve any query or concern you raise with us directly, however if we are unable to do so the GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”) who may be contacted at https://ico.org.uk/concerns/.

 

Appendices

Appendix 1

List of all our Credit Reference and Fraud Prevention agencies.

 

 

Supplier Service
Experian Limited Credit Referencing
Creditsafe Business Solutions Limited Credit Referencing
Dun & Bradstreet Limited Credit Referencing
Dow Jones & Company Inc. Fraud Prevention

 

Appendix 2

List of all our funders.

Funders
Aldermore Bank Limited
Ashley Business Finance Ltd
Ashley Finance Ltd
Bibby Factors Slough Ltd
Bibby Financial Services Limited
Creative Capital Ltd
Creative Trade Finance Ltd
Close Brothers Group Plc.
GapCap Ltd
Hitachi Capital (UK) Plc
Investec Capital Solutions Ltd
Lloyds Bank Commercial Finance Ltd
MarketInvoice Ltd
Metro Bank PLC
Nucleus Commercial Finance Ltd
Positive Cashflow Finance Ltd
Pulse Cashflow Finance Ltd
RBS Invoice Finance Ltd
Satago Financial Solutions Ltd
SAF Leasing Ltd
Shire Leasing PLC
Shire Securities Ltd
Siemens Financial Services Ltd
SME Invoice Finance Ltd
The Royal Bank of Scotland PLC
Trade and Export Finance Ltd
Ultimate Finance Group Ltd

Appendix 3

List of all our brokers

Brokers
Finance House Solutions Ltd
Global Media Internet Service Ltd
Love Finance Ltd
SAF Leasing Ltd
Shire Leasing PLC
Shire Securities Ltd
Shire Recoveries Ltd