FinTrace Privacy Notice
Last Updated: 05 May 2019
This document provides an overview about how we use and share personal data that we receive and use in connection with our identity verification and tracing services, credit risk and affordability checking, fraud prevention, anti-money laundering, and some of our related services. It covers the following topics:
1. Who we are and how you can contact us
2. What we use personal data for
3. What kinds of personal data we use, and where we get it from
4. What our legal grounds for handling personal data are
5. Who we share the personal data with
6. Where the personal data is stored and sent
7. How long the personal data is kept for
8. Whether the personal data is used to make decisions about you or to profile you
9. Your rights in relation to the personal data we hold about you
10. Who you can complain to if you are unhappy about the use of your personal data
You have the right to object to our use of your personal data. Please see section 9 to find out more.
1. WHO WE ARE AND HOW YOU CAN CONTACT US
FinTrace is a brand operated by Data OD Ltd (trading as DataOnDemand or DataOnDemand.co.uk). We are a UK consumer data aggregator. This means that we gather information about people from different data sources called Network Partners, Data Contributors, Data Partners and Data Disclosers.
The data that is shared with us includes Online Loan Applications, Online Competition Online Entries, Online and Offline Magazine Subscriptions and Public Databases such as the Edited Electoral Roll, the Land Registry and the Energy Performance Certificate register.
We combine this information to create a Single Search View so we can provide your information to other companies who want to contact you or use this information prevent fraud and relation to credit referencing.
You can contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
Post: Consumer Services Team, FinTrace, C/O Data OD Ltd, Platform, Leeds, LS1 4JB.
Telephone: 01134 266 550
2. WHAT WE USE PERSONAL DATA FOR
This section explains the purposes for which we use personal data about you. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.
Providing services to the organisation you are dealing with
We use your personal data to provide services to the organisation you are dealing with. These services might include, for example, credit risk and affordability checking, fraud prevention, anti-money laundering checks, identity verification, and tracing for debt collection purposes.
If you owe money to one of our clients and have moved without telling them, they may use our services in order to find your new address and other contact details so that they can contact you to arrange repayment.
Providing services to our other clients
We use personal data to provide services to organisations other than the one you are directly dealing with. For example, if we receive a request for information from a law enforcement agency we may provide access to the data we hold that relates to information the organisation holds about you.
Product or systems development and testing
We may sometimes use personal data while improving, developing or testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise or pseudonymise the data before doing this.
Legal and regulatory purposes
We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.
3. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM
When a client uses our services they will typically send us information such as:
Identifiers (including your name, date of birth, and current and previous addresses). This helps us to match your information to the other information we hold in our databases.
The purpose for which they are requesting information about you.
Other relevant details such as the nature of your loan application.
When we receive that information, we match it against the other information that we hold in order to find and return additional information about you.
Depending on the service we are providing, this can include information such as your credit history, credit score, any court judgments or insolvency-related events, fraud prevention indicators, and additional contact details or address history.
It can also include similar kinds of information about people who are associated with you.
4. WHAT OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA ARE
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this is not outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests we are typically pursuing when providing services to our clients are:
Promoting responsible lending and helping to prevent over-indebtedness.
Responsible lending means that lenders only sell products that are affordable and suitable for the borrowers’ circumstances. We help ensure this by sharing personal data about potential borrowers, their financial associates where applicable, and their financial history.
A comprehensive range of measures exists in the UK to underpin the balance so that the legitimate interests are not outweighed by the interests, fundamental rights and freedoms of individuals. Further explanation about this balance is set out below.
Helping prevent and detect crime and fraud; anti-money laundering; and identity verification
We provide identity, anti-fraud and anti-money laundering services to help clients meet legal and regulatory obligations, and to the benefit of individuals to support identity verification and support of the detection and prevention of fraud and money-laundering.
Supporting tracing and collections
We provide services that support tracing and collections where there is a legitimate interest in the client conducting activity to find its customer and to recover the debt, or to reunite, or confirm an asset is connected with, the right person.
Complying with and supporting compliance with legal and regulatory requirements
We have to comply with various legal and regulatory requirements, and our services also help other organisations comply with their own legal and regulatory obligations. For example, many kinds of financial services are regulated by the Financial Conduct Authority or the Prudential Regulation Authority, who impose obligations to check that financial products are suitable for the people they are being sold to. We provide data to help with those checks.
Our use of personal data is subject to an extensive framework of safeguards that help make sure that your rights are protected. These include the information you are given about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not compromise your interests, fundamental rights and freedoms.
Necessity for compliance with a legal obligation
We sometimes need to use your personal data in order to comply with a legal obligation that we are under. For example, if you submit a request to us for a copy of your personal data, either directly or through a third party that you have authorised to act on your behalf, we will normally be legally required to provide that personal data. See section 9 below for details of what requests you can make and how to make them.
5. WHO WE SHARE THE PERSONAL DATA WITH
This section describes the types of recipient we can share data with.
Users of our services
We share data with users of our services. Please refer to section 2 for examples of this kind of data sharing.
We sometimes use other organisations such as resellers, distributors and agents to help provide our services to clients and may provide personal data to them in connection with that purpose.
We may provide your information to third parties who help us use it for the purposes described in section 2. For example, our databases of personal data may be hosted by third parties on our behalf.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
Our group companies
In some circumstances we may share your personal data among the members of Data OD ltd. If we do so, then use of the data by those companies will be governed by this privacy notice.
You and your associates
You are entitled to obtain copies of the personal data that we hold about you. You can find out how to do this in Section 9 below.
Similarly, your associates are also entitled to obtain copies of the personal data that we hold about them.
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
6. WHERE THE PERSONAL DATA IS STORED AND SENT
Within the United Kingdom
7. HOW LONG THE PERSONAL DATA IS KEPT FOR
When we receive personal data from a client in order to provide services to them we will keep a copy of that data for a period of time in order to investigate any data supply or data load issues, restore our systems in the event of a data loss incident, and in order to investigate and respond to any complaints, claims and enquiries that we may receive from consumers, clients or regulators.
8. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU
We do not use your personal data to make automated decisions about you.
We provide data and analytics that help our clients make decisions about lending and other matters, but our clients’ own data, knowledge, processes and practices will also generally play a significant role in their decisions – and those decisions will always be for them to make.
9. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU
You have several different rights in relation to the personal data that we hold about you. These are described below. To enquire about exercising these rights, please use the contact details set out in section 1.
YOUR RIGHTS UNDER GDPR
Right to be informed
The name and contact details of our organisation.
We are Data OD Ltd and our brand is FinTrace. Our Head Office is based in Leeds, West Yorkshire and our trading address can be found at the bottom of this page. Our registered address is 62-66 Deansgate, Manchester, England, M3 2EN. Our Company number is 10183365. To contact us by telephone our main number is 01134 226 550. To contact us by email for general enquiries it is MyInfo@DataOnDemand.co.uk
The purposes of the processing.
Tracing for Debt Collection and Asset Repatriation purposes, Credit Risk and Affordability checking, Fraud Prevention, Anti-Money Laundering checks and Identity Verification
The lawful basis for the processing.
Legitimate Interest or Consent, where appropriate.
The legitimate interests for the processing.
Use includes tracing of individuals, verification and/or validation of the identity of individuals for the purposes of, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification.
The categories of recipients of the personal data.
Political: Political Party
Justice: Anti-fraud and theft initiative, Police Authority, Police Commissioner, Police Force, Probation
Land or property services: Estate agency / letting agency, Financial services and advice, Housing association, Property Management, Housing Association
Finance, insurance and credit: Bank and building society, Credit referencing, Debt collection/tracing, Financial Service and advice, Insolvency Practioner, Insurance, Lender, Payment service, Pension
Online Technology and Telecoms: Software developer
Retail and manufacture: Supplier of goods > Catalogue mailorder, Ecommerce (Online retailer), Mail order trader
The details of transfers of the personal data to any third countries or international organisations.
The data is shared with named recipients in the United Kingdom.
The retention periods for the personal data.
We retain the permission to hold the data for trace and analysis purposes until we are advised by the Data Subject that they no longer want us to process their data. The maximum amount of time we will hold the data for suppression purposes is six years.
The right to withdraw consent.
You can email us at MyInfo@DataOnDemand.co.uk to withdraw the consent to process your data.
The right to lodge a complaint with a supervisory authority.
You can lodge a complaint with the ICO by emailing email@example.com
The source of the personal data.
You can request the information in relation to the source of your personal data by emailing MyInfo@DataOnDemand.co.uk.
The details of the existence of automated decision-making, including profiling.
Right to access
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully
You can contact us at MyInfo@DataOnDemand.co.uk to confirm if we are processing your data or to request a copy of the data that we hold and any supplementary information that you are entitled to. You can also call us directly on 01134 266 550 with the same request.
Right to rectification
Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.
You can contact us at MyInfo@DataOnDemand.co.uk to request to have inaccurate data rectified or to have incomplete data completed. You can also call us directly on 01134 266 550 with the same request.
Right to erasure
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’.
You can contact us at MyInfo@DataOnDemand.co.uk to request to have your data deleted. You can also call us directly on 01134 266 550 with the same request.
Right to restrict processing
Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of the data.
You can contact us at MyInfo@DataOnDemand.co.ukto request to have your added to our suppression list and removed from our Partners if you wish to withdraw consent. You can also call us directly on 01134 266 550 with the same request.
Right to data portability
The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine readable format. It also gives them the right to request that a controller transmits this data directly to another controller.
You can contact us at MyInfo@DataOnDemand.co.uk to request to a copy of the information we hold to be provided to you or another controller. This is supplied in a Excel (.CSV) format and can be sent by email or by post. You can also call us directly on 01134 266 550 with the same request.
Right to object
Article 21 of the GDPR gives individuals the right to object to the processing of their personal data. This effectively allows individuals to ask you to stop processing their personal data. The right to object only applies in certain circumstances. Whether it applies depends on your purposes for processing and your lawful basis for processing.
You can contact us at MyInfo@DataOnDemand.co.uk to request that we stop processing your personal data where you have given consent for marketing. You can also call us directly on 01134 266 550 with the same request.
Rights related to automated decision making including profiling
Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them.
You can contact us at MyInfo@DataOnDemand.co.uk uk to request that do not use your personal data to create the models outlined in the section of this page entitled Why do we share your information with Third Parties?. You can also call us directly on 01134 266 550 with the same request.
10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:
Post: Consumer Services Team, FinTrace, C/O Data OD Ltd, Platform, Leeds, LS1 4JB.
Telephone: 01134 266 550
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.