Privacy Statement

Introduction

finova respects your privacy and is committed to protecting your personal data. This Privacy Statement sets out the types of personal data we may collect about you when you interact with us and inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

Specifically, and in relation to finova (as defined below) this Privacy Statement aims to give you information on:

  • who we are;
  • how we may obtain your data and information;
  • what information we may collect and how we use your information;
  • when and why we will share your data and information within finova and other organisations;
  • the rights and choices you have when it comes to your data and information; and
  • why and how we collect and process your personal data through your use of our websites, including any data you may provide through our websites when you use any of the services by finova or invest in any of our products and to anyone else who contacts or otherwise submits information to any of the finova companies.

It is important that you read this Privacy Statement together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Statement supplements any other privacy notices or policies and is not intended to override them.

Please take the time to read this Privacy Statement. If you have any questions about this Privacy Statement, our use of your information or any other queries you can contact us at:

This Privacy Statement may change from time to time and if it does, the up-to-date version will always be available on finova’s website.  Please note that by continuing to use finova websites, you are agreeing to any updated versions of the finova Privacy Statement.

Who we are

finova is a trading name that consists of the following private limited companies:  

  • DPR Group Limited, registration number 04438029;
  • DPR Consulting Limited, registration number 03178610;
  • eKeeper Group Limited, registration number 05144521;
  • Burrow Mortgages Limited, registration number 11362212;
  • MCI Club Limited, registration number 09204126; and  
  • Spectrum Data Management Limited, registration number 05821010, together (“finova”).  

How we may obtain your data and information

The majority of the personal data we hold about you is collected when you interact with us or correspond with us directly (via our websites, by email, telephone, by post, face to face meetings, industry events or our customer database). We may also obtain information in several ways which may include:

  • Information that we receive from third parties – including other companies in finova, third parties who provide services to you or us (including via credit reference agencies, fraud prevention agencies or government agencies), and other banks (where permitted by law);
  • Information that we learn about you through our relationship with you;
  • Information that our systems automatically collect about your equipment, browsing actions and patterns. We collect this personal data by using cookies, tracking pixels, server logs and other similar technologies. Please see the section headed “IP addresses and cookies” below;
  • Information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.

What information we may collect and process

We collect and process various categories of personal information and data at the start of, and for the duration of, your relationship with us.  We will limit the collection and processing of data and information to that which is necessary to achieve one or more legitimate purposes as identified in this Privacy Statement.

The types of personal information and data we may collect, store, and use may include (but is not limited to):

  • Basic personal information, including name, title, address, telephone numbers, and personal email addresses
  • Employment Details (including company name, job titles, etc…).
  • Information about your use of our information and communications systems

How we use your information

We may use your personal information and/or data:

  • where processing is necessary for the fulfilment of a contract, or where specific steps have been taken before entering into a contract. These activities include;
  • internal record keeping;
  • to follow up, either by e-mail, phone or mail as part of our customer service procedures;
  • for administration and client relationship management;
  • to make product changes based on client requests
  • to amend bugs, issue software updates, issue patches and fixes to products
  • where the processing is necessary for the compliance with the law. These activities include;
  • internal record keeping;
  • to deal with requests from you to exercise your rights under data protection laws
  • for activities relating to the prevention, detection and investigation of crime
  • where processing is necessary for legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect personal data which overrides those legitimate interests.) These activities include;
  • to periodically send promotional e-mails from us (or on behalf of someone else) about new
  • products, special offers or other information which we think you may find interesting;
  • to help us improve and develop our website, online products and services;
  • to understand our user demographics and use of our website;
  • to answer questions and respond to comments, requests or queries you send us, including any product queries;
  • to notify you of changes to our products or services, and any other purpose related to or ancillary to any of the above.

We will only use your personal information for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosure of your information (including outside of the European Economic Area “EEA”)

We may share your personal information within finova.  

We may share your information with our appointed third-party agents and suppliers to support our processing activities. These third parties will only have access to your information in order for them to perform specific tasks related to lawful basis and they may not use it for any other purposes.

We may also pass your information on to financial organisations, credit reference agencies and tracing agencies.

We may disclose your information to our professional advisers for the purpose of obtaining professional advice or to other third parties if we have a legal obligation to do so. We reserve the right to monitor, review, retain and/or disclose any information as necessary to satisfy any applicable law, regulation, legal process or governmental request.

Should there be any change to your personal details in the future (i.e. change of name, address, telephone number, bank account, etc) you are asked to notify us promptly. This will ensure we maintain accurate personal details. If it becomes our intention to use your information for any other reason, we shall advise you of those intentions prior to using the information for the additional purpose(s) as well as advising you of any other details within this statement which may be affected.

We may have to share your data with third parties, including third-party service providers. We will only share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest for doing so. We require third parties to respect the security of your data and to treat it in accordance with the law.

Transfers may be made outside the EEA where we are satisfied that appropriate safeguards are in place over the transferring and processing of such information or data.

If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform our contract with you (such as paying you or providing a service), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

Information security

We will take all steps reasonably necessary including policies, procedures and security features to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this Privacy Statement. Unfortunately, the transmission of information via the internet is not completely secure and, although we will do our best to protect your information and/or personal data, we cannot guarantee its security completely.  Accordingly, in the case of a security breach we do not accept any liability for the direct or indirect loss, theft or misuse of the any information and/or data that you have provided to us and/or which you have registered on finova websites.

Your rights

We want to make sure you are aware of your rights in relation to the information and/or data that we process about you.  We have described those rights and the circumstances in which they apply, below:

  • Right of access - You have the right to obtain a copy of information we hold about you
  • Right of rectification or erasure - If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data, we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Please note that we may be entitled to retain your personal data despite your request, for example if we are under a separate legal obligation to retain it. Your right of rectification and erasure extends to anyone we have disclosed your personal information to, and we will take all reasonable steps to inform those with whom we have shared their data about your request for erasure.
  • Right to restriction of processing - You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
  • Right to Portability - You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
  • Right to Object - You have a right to object to our processing your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
  • Right to Withdraw Consent - You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.
  • Right of Complaint - You also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at www.ico.org.uk.
  • Marketing Communications - To stop receiving marketing (such as email, postal or telemarketing), then please contact us using the contact us details below.

How long we keep your information

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

IP addresses and cookies

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, you may be unable to access certain parts of the Site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to the Site.