Privacy Policy
finova respects your privacy and is committed to protecting your personal data. This Privacy Statement sets out the types of personal data we may collect about you when you interact with us and inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
Specifically, and in relation to finova (as defined below) this Privacy Statement aims to give you information on:
- who we are;
- how we may obtain your data and information;
- what information we may collect and how we use your information;
- when and why we will share your data and information within finova and other organisations;
- the rights and choices you have when it comes to your data and information; and
- why and how we collect and process your personal data through your use of our websites, including any data you may provide through our websites when you use any of the services by finova or invest in any of our products and to anyone else who contacts or otherwise submits information to any of the finova companies.
It is important that you read this Privacy Statement together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Statement supplements any other privacy notices or policies and is not intended to override them.
Please take the time to read this Privacy Statement. If you have any questions about this Privacy Statement, our use of your information or any other queries you can contact us at:
- legal@finova.tech; or
- on telephone number 0207 050 2000; or
- by post to finova, 6th Floor, Commodity Quay, London, E1W 1AZ.
This Privacy Statement may change from time to time and if it does, the up-to-date version will always be available on finova’s website. Please note that by continuing to use finova websites, you are agreeing to any updated versions of the finova Privacy Statement.
Who we are
finova is a trading name that consists of the following private limited companies:
- DPR Group Limited, registration number 04438029;
- DPR Consulting Limited, registration number 03178610;
- eKeeper Group Limited, registration number 05144521;
- Burrow Mortgages Limited, registration number 11362212;
- MCI Club Limited, registration number 09204126;
- BEP Systems Limited, registration number 06717822 and
- Spectrum Data Management Limited, registration number 05821010, together (“finova”).
How we may obtain your data and information
The majority of the personal data we hold about you is collected when you interact with us or correspond with us directly (via our websites, by email, telephone, by post, face to face meetings, industry events or our customer database). We may also obtain information in several ways which may include:
- Information that we receive from third parties – including other companies in finova, third parties who provide services to you or us (including via credit reference agencies, fraud prevention agencies or government agencies), and other banks (where permitted by law);
- Information that we learn about you through our relationship with you;
- Information that our systems automatically collect about your equipment, browsing actions and patterns. We collect this personal data by using cookies, tracking pixels, server logs and other similar technologies. Please see the section headed “IP addresses and cookies” below;
- Information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.
What information we may collect and process
We collect and process various categories of personal information and data at the start of, and for the duration of, your relationship with us. We will limit the collection and processing of data and information to that which is necessary to achieve one or more legitimate purposes as identified in this Privacy Statement.
The types of personal information and data we may collect, store, and use may include (but is not limited to):
- Basic personal information, including name, title, address, telephone numbers, and personal email addresses
- Employment Details (including company name, job titles, etc…).
- Information about your use of our information and communications systems
How we use your information
We may use your personal information and/or data:
- where processing is necessary for the fulfilment of a contract, or where specific steps have been taken before entering into a contract. These activities include;
- internal record keeping;
- to follow up, either by e-mail, phone or mail as part of our customer service procedures;
- for administration and client relationship management;
- to make product changes based on client requests
- to amend bugs, issue software updates, issue patches and fixes to products
- where the processing is necessary for the compliance with the law. These activities include;
- internal record keeping;
- to deal with requests from you to exercise your rights under data protection laws
- for activities relating to the prevention, detection and investigation of crime
- where processing is necessary for legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect personal data which overrides those legitimate interests.) These activities include;
- to periodically send promotional e-mails from us (or on behalf of someone else) about new
- products, special offers or other information which we think you may find interesting;
- to help us improve and develop our website, online products and services;
- to understand our user demographics and use of our website;
- to answer questions and respond to comments, requests or queries you send us, including any product queries;
- to notify you of changes to our products or services, and any other purpose related to or ancillary to any of the above.
We will only use your personal information for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosure of your information (including outside of the European Economic Area “EEA”)
We may share your personal information within finova.
We may share your information with our appointed third-party agents and suppliers to support our processing activities. These third parties will only have access to your information in order for them to perform specific tasks related to lawful basis and they may not use it for any other purposes.
We may also pass your information on to financial organisations, credit reference agencies and tracing agencies.
We may disclose your information to our professional advisers for the purpose of obtaining professional advice or to other third parties if we have a legal obligation to do so. We reserve the right to monitor, review, retain and/or disclose any information as necessary to satisfy any applicable law, regulation, legal process or governmental request.
Should there be any change to your personal details in the future (i.e. change of name, address, telephone number, bank account, etc) you are asked to notify us promptly. This will ensure we maintain accurate personal details. If it becomes our intention to use your information for any other reason, we shall advise you of those intentions prior to using the information for the additional purpose(s) as well as advising you of any other details within this statement which may be affected.
We may have to share your data with third parties, including third-party service providers. We will only share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest for doing so. We require third parties to respect the security of your data and to treat it in accordance with the law.
Transfers may be made outside the EEA where we are satisfied that appropriate safeguards are in place over the transferring and processing of such information or data.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform our contract with you (such as paying you or providing a service), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
Information security
We will take all steps reasonably necessary including policies, procedures and security features to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this Privacy Statement. Unfortunately, the transmission of information via the internet is not completely secure and, although we will do our best to protect your information and/or personal data, we cannot guarantee its security completely. Accordingly, in the case of a security breach we do not accept any liability for the direct or indirect loss, theft or misuse of the any information and/or data that you have provided to us and/or which you have registered on finova websites.
Your rights
We want to make sure you are aware of your rights in relation to the information and/or data that we process about you. We have described those rights and the circumstances in which they apply, below:
- Right of access - You have the right to obtain a copy of information we hold about you
- Right of rectification or erasure - If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data, we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Please note that we may be entitled to retain your personal data despite your request, for example if we are under a separate legal obligation to retain it. Your right of rectification and erasure extends to anyone we have disclosed your personal information to, and we will take all reasonable steps to inform those with whom we have shared their data about your request for erasure.
- Right to restriction of processing - You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
- Right to Portability - You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
- Right to Object - You have a right to object to our processing your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
- Right to Withdraw Consent - You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.
- Right of Complaint - You also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at www.ico.org.uk.
- Marketing Communications - To stop receiving marketing (such as email, postal or telemarketing), then please contact us using the contact us details below.
How long we keep your information
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of the Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the Site.
Cookie Policy
[Last updated 6 June 2023]
finova’s website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.
What is a cookie?
A cookie is a small file of letters and numbers that can be placed on your device, if you agree. Cookies contain information that is sent to your browser and stored on your computer’s hard drive, tablet or mobile device. When you visit our sites or use our apps it can allow us to recognize and remember you.
Types of cookies
- Session cookies: these cookies remain in your browser during your browser session only, i.e. until you leave the website.
- Persistent cookies: these cookies remain in your browser for a set period of time after the browser session (unless deleted by you).
What type of cookies do we use and how are they used?
Strictly necessary cookies. These are cookies that are required for the operation of our website, enabling core functionality such as security, network management and accessibility. These cookies cannot be switched off, but you may set your browser to block these cookies, which may hinder your experience as parts of our website may not work.
Advertising/targeting cookies. These cookies record your visit to our sites, the pages you have visited and the links you have followed. We will use this information to make our website and any advertisement displayed on it more relevant to your interests.
Functionality cookies. These cookies are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
Performance cookies. These cookies are used to understand how you interact with our website. This enables us to better understand certain metrics of our website (for example, number of visitors, bounce rate and traffic source) to improve the performance of our site.
Cookie list
Strictly necessary cookies
Performance cookies
How can you control cookies?
You may see a “cookie banner” on our websites (usually located in the bottom left corner of your screen), which is provided in order for us to obtain consent to the use of cookies. If you consent to the use of cookies by clicking “Accept Cookies” the first-party non-essential cookies detailed in this policy will be enabled. You can update and review your settings at any time by clicking on the cookie banner.
Useful links
If you would like to find out more about privacy, cookies and their use on the internet, you may find the following links useful:
If you would like to contact us about our cookie policy, please email legal@finova.tech.
Changes to our cookie policy
finova reserves the right to amend this Cookie Policy at any time, for any reason, without notice to you, other than posting the amended Cookie Policy here.
finova Anti-Slavery and Human Trafficking Statement
This statement sets out the steps finova has taken to prevent modern slavery and human trafficking occurring within any part of its business and supply chains. This statement is published in line with section 54(1) of the Modern Slavery Act 2015 for the financial year ended 30 June 2022.
About finova
finova is the UK’s largest cloud-based mortgages and savings software provider, supporting over 60 leading lenders, 3000 mortgage brokers and 200 financial institutions. The suite of award-winning software includes a Core Banking Platform, Broker Platform and finova Connect, a range of solutions that connect lenders, intermediaries and consumers.
UK is the main centre of operations with offices in Poland and India.
finova’s commitment to the principles of the Modern Slavery Act 2015
finova are committed to the principles of the Modern Slavery Act 2015 and the abolition of modern slavery and human trafficking.
We strive to act transparently, ethically and with integrity in all business relationships and to ensure slavery and human trafficking is not taking place anywhere within our business or supply chain.
Our recruitment and people management processes are designed to ensure that all prospective colleagues are legally entitled to work in the country they work with us in and to safeguard colleagues from any abuse or coercion.
We do not enter into business with any organisation, in the UK or abroad, which knowingly supports or is found to be involved in slavery, servitude and forced or compulsory labour including child labour.
Our supply chain
Due to the nature of our business operations, we assess ourselves to have a low risk of modern slavery in our business and supply chains.
As a medium sized business, our supply chains are relatively limited.
We operate a risk management process to review our suppliers on a regular basis, including reviews to flag any issues, operational or regulatory. This process provides us with confidence that there are no slavery or human trafficking taking place in any part of our business or in our supply chain. In addition, all of our approved suppliers are expected to adhere to our Supplier Code of Conduct, which requires suppliers to at all times comply with the provisions of the Modern Slavery Act 2015 and includes an obligation that our suppliers and their subcontractors will employ a zero tolerance policy to forced or slave labour.
Training
We continue to provide awareness training to staff on the Modern Slavery Act 2015 and provide a safe space to report any suspected cases of slavery, human trafficking or other abusive behaviours.
We have no cause to suspect that Modern Slavery is currently present within our business or supply chain, nor any evidence that it has been present in the past.
This Anti-Slavery and Human Trafficking Statement has been formally approved by the Executive Committee on Feb 2022.
