Last Updated: 27 May 2021
WHO ARE WE AND WHAT IS FINTRACE?
Fintrace is brand owned and operated by Data OD Ltd, a company registered in England and Wales with registered number 10183365 and ICO Registration ZA231384.
Fintrace is a service used by various businesses including banks, building societies, credit reference agencies, debt collections agencies, insurance providers, pension providers, providers of consumer credit, law enforcement agencies, utilities, and other service providers who have a legal right to contact an individual, or to otherwise use the information which is processed to verify certain information to prevent fraud and improve the customer overall experience in general or to further their own legitimate interests that they have informed you of.
To make a request to restrict the processing of data and information an individual can contact Data OD at the email address firstname.lastname@example.org, or alternatively in writing, to Data OD Ltd, Platform, New Station Street, Leeds, LS1 4JB.
ORIGINATING DATA SOURCE
Snapshot of how your data will be used – What is involved in the “Scope” of Tracing & Verification?
Asset Repatriation - A company may wish to contact an individual because they are required to return funds to them, but the information they hold is out of date
Credit Risk Assessment - The information may be used to assess the current credit risk of a customer who has previously taken a loan, or has revolving credit, and is making a repayment.
Debt Collection and Recoveries - A company may need to contact an individual where they have a legal right to do so, as a result of a debt being purchased by a third party. The information may be used to verify the individual’s most recent employer, for the purposes of litigation, when a debt has been purchased but a third party.
Fraud Prevention – The information may be used by organisations in order to identify fraudulent activity or trends that indicate fraud.
Identity Verification - The information may be processed to assist in verifying an individual’s identity when they open a credit account.
We call this the “Scope” of our processing.
For a detailed description of the legal basis of our processing activities, see the section entitled What our legal grounds for handling personal data are below.
The websites which share information for the Scope of the processing, include:
This document provides an overview of how we use and share personal data that we receive and use in connection with the Purposes for Processing. It covers the following topics:
1. Who we are and how you can contact us
2. What we use personal data for
3. What kinds of personal data we use, and where we get it from
4. What our legal grounds for handling personal data are
5. Whom we share the personal data with
6. Where the personal data is stored and sent
7. How long the personal data is kept for
8. Whether the personal data is used to make decisions about you or to profile you
9. Your rights in relation to the personal data we hold about you
10. Whom you can complain to if you are unhappy about the use of your personal data
You have the right to object to our use of your personal data. Please see section 9 to find out more.
1. WHO WE ARE AND HOW YOU CAN CONTACT US
We are Data OD Ltd, and we operate the brand Fintrace, as further set out above.
Post: Consumer Services Team, Fintrace, C/O Data OD Ltd, Platform, Leeds, LS1 4JB.
Email: Myinfo@dataondemand.co.uk using the Subject Line "FinTrace Data Enquiry"
Telephone: 01134 266 550
2. WHAT WE USE PERSONAL DATA FOR
We use data to provide services to third-party organisations. These third parties will either already have a relationship with Individuals or will act under legally enforceable arrangements with those individuals and this includes the assigns of that third party (i.e. other businesses they give their rights to, such as assignments of debts).
The data may be processed for activities included in the following Scope for Tracing and Verification:
We use the word Tracing to cover the following types of processing activities:
Asset Repatriation i.e. tracing family members of deceased individuals.
Debt Collection and Recoveries means to trace individuals in order to send invoices or recover debts.
Enforcement covers legal judgments/court orders and tracing activities related to those.
We use the word Verification to cover the following types of processing activities
Credit Risk Assessment – verifying a Data Subject’s creditworthiness/risk.
Fraud Prevention – Using data to identify patterns of fraudulent behaviour, or to reduce the overall risk of fraud by ensuring that persons are real.
Identify Verification – To check that Data Subjects are whom they claim to be.
Identifying Vulnerable Customers – Using data to identify certain classes or Data Subjects who may be at a higher risk of harm from taking out further debts for example. The anticipated processing is only intended to protect those vulnerable Data Subjects who are identified, not to target them in order to take advantage of their vulnerability (a risk we generally mitigate contractually – see below).
3. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM
When a client uses our services they will typically send us information such as:
Identifiers (including an individual’s name, date of birth, and current and previous addresses). This helps us to match the information to the other information we hold in our databases.
The purpose and legal basis, pursuant to which they are requesting information about the individuals.
When we receive that information, we match it against the other information that we hold in order to find and return additional information about an individual.
Depending on the service we are providing, this can include contact data, employment data, data about financial beahviour and data about a property.
It can also include similar kinds of information about people who are associated with an individual.
4. OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this is not outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data. We may also rely upon (or third parties may rely upon) other legal bases for processing your data and these will be set out in their privacy notices. Generally, we may also process your data where that is required for us to comply with any legal obligation we are subject to and must comply with, or where we or a third party have a contract with you, and they are using your information in order to carry out the rights and obligations set out in that contract.
A comprehensive range of measures exists in the UK to underpin the balance so that the legitimate interests are not outweighed by the interests, fundamental rights, and freedoms of individuals.
Our use of personal data is subject to appropriate technical and organisational measures that help make sure that your rights are protected. These include the information you are given about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it corrected or restricted, object to it being processed, and complain if you are dissatisfied. We also have to consider the potential harms that could arise from the use of data, and we balance those potential risks against the legitimate interests we identify as being relevant. These safeguards help sustain a fair and appropriate balance so that our activities do not compromise your interests, fundamental rights, and freedoms.
The legitimate interests we are typically pursuing when providing services to our clients are:
Interest: Commercial Interest of Data OD and Contributing Data Sources.
Explanation: We both receive financial incentives based on the volume of data processed. This interest is balanced against the rights of data subjects.
Interest: Supporting tracing and debt collections
Explanation: We provide services that support tracing and collections where there is a legitimate interest in the client conducting activity to find its customer and to recover the debt, or to reunite, or confirm an asset is connected with, the right person. The interests furthered here relate to debtors and relevant proprietors.
Interest: Promoting responsible lending and helping to prevent over-indebtedness.
Explanation: Responsible lending means that lenders should only sell products that are affordable and suitable for the borrowers’ circumstances. We help ensure this by sharing personal data with our Clients about potential borrowers, and their financial history.
Interest: Helping prevent and detect crime and fraud; anti-money laundering; and identity verification
Explanation: We provide identity, anti-fraud, and anti-money laundering services to help clients meet legal and regulatory obligations, and to the benefit of individuals to support identity verification and support the detection and prevention of fraud and money-laundering.
Other legal bases for processing that may apply:
Where “processing is necessary for compliance with a legal obligation to which the controller is subject”:
Any organisation within the chain of processing may be subject to certain legal obligations and it is for each party to determine the extent to which is required to process data for this purpose under the circumstances of the requirement.
Carrying out contractual obligations
Controllers may have contractual relationships (either directly, or indirectly pursuant to the Contracts (Rights of Third Parties) Act 1999) with Data Subjects, and information may be processed by them in line with such duties. Data OD does not have a contractual obligation directly with Data Subjects but may be determined to indirectly grant certain rights to Data Subjects through Data OD’s contracts with its customers relating to processing DSARs for example. Controllers may determine that they are permitted to process data under this basis, such as where the right to enforce a debt or other contractual right has been assigned to a third party other than the original Controller.
5. WHOM WE SHARE THE PERSONAL DATA WITH
This section describes the types of recipients we will share data with.
Users of our services
We share data with the users of our services (i.e. other businesses), limited to the Scope we have told you about.
This might include banks, building societies, credit reference agencies, debt collections agencies, insurance providers, pension providers, providers of consumer credit, law enforcement agencies, utilities, and other service providers who have a legal right to contact an individual, or to otherwise use the information which is processed to verify certain information to prevent fraud and improve the customer overall experience in general or to further their own legitimate interests that they have informed you of.
Other applicable categories of recipients might include:
Political: Political Party
Justice: Anti-fraud and theft initiative, Police Authority, Police Commissioner, Police Force, Probation
Land or property services: Estate agency/letting agency, Financial services and advice, Housing association, Property Management, Housing Association
Finance, insurance, and credit: Bank and building society, Credit referencing, Debt collection/tracing, Financial Service and advice, Household Utility Provider, Insolvency Practioner, Insurance, Lender, Payment service, Pension,
Online Technology and Telecoms: Software developer
Retail and manufacture: Supplier of goods > Catalogue mailorder, Ecommerce (Online retailer), Mail order trader
We sometimes use other organisations such as resellers, distributors, and agents to help provide our services to clients and may provide personal data to them in connection with that purpose, but if we do that then we make sure that data is subject to the same protection it receives when we process it.
We sometimes use third parties who provide services to us, on a very limited basis and strictly following our instructions which will only relate to the Scope we have told you about. This might include address validation and telephone validation or other similar services to ensure the accuracy of information.
These service providers will not be allowed to use your information for any other purpose other than providing the service to Data OD.
Our group companies
In some circumstances, we may share your personal data among the members of the group of companies to which Data OD Ltd belongs. If we do so, then the use of the data by those companies will be governed by this privacy notice and your existing legal rights will not be affected. Data OD Ltd always remains responsible for the other members of its group of companies if this is ever required.
If we sell our business to a third party or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business and they will continue to use it only in accordance with this notice, unless and until they tell you otherwise.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
LexisNexis Risk Solutions UK Ltd, Global Reach, Dunleavy Drive, Cardiff, CF11 0SN
6. WHERE THE PERSONAL DATA IS STORED AND SENT
Within the United Kingdom and to the United States of America.
7. HOW LONG THE PERSONAL DATA IS KEPT FOR
The data is stored until the Individual requests that the processing of the data is restricted.
When we receive personal data from a data contributor in order to provide services we will keep a copy of that data for a period of time in order to investigate any data supply or data load issues, restore our systems in the event of a data loss incident, and in order to investigate and respond to any complaints, claims, and inquiries that we may receive from consumers, clients or regulators. We consider the length of time that data is useful for, and delete it when it is no longer necessary to achieve the Scope we have described to you.
8. WHETHER THE PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU
We do not use your personal data to make automated decisions about you, and we only use profiling in order to protect potentially vulnerable people where applicable.
We provide data and analytics that help our clients make decisions about lending and other matters, but our clients’ own data, knowledge, processes, and practices will also generally play a significant role in their decisions, and those decisions will always be for them to make and will be set out in their privacy notices.
9. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU
You have several different rights in relation to the personal data that we hold about you. These are described below. To enquire about exercising these rights, please use the contact details set out in section 1.
Right to be informed
You can ask us about how we process your data at any time, and for any reason (unless you have already made the same request previously or we consider it to be excessive or manifestly unfounded in the way that the ICO defines those terms). Just so you know that we welcome you contacting us, there is no need to scroll back up to the top of this policy: We are Data OD Ltd. We are a company registered in England and Wales. We are registered with Companies House under Company number 10183365. We own and operate the brand Fintrace. Our Head Office is based in Leeds, West Yorkshire and our trading address is Fintrace C/O Data OD Ltd, Platform, New Station Street, Leeds, LS1 4JB . Our registered address is Data OD Ltd C/O Ground Floor St Paul’s House, 23 Park Square, Leeds, West Yorkshire, England, LS1 2ND . To contact us by telephone our main number is 01134 266 550.
To contact us by email for general inquiries, you can reach us at: Myinfo@dataondemand.co.uk
The source of the personal data.
You can request the information in relation to the source of your personal data by emailing email@example.com.
Right to access
You can contact us at firstname.lastname@example.org to confirm if we are processing your data or to request a copy of the data that we hold and any supplementary information that you are entitled to. You can also call us directly on 01134 266 550 with the same request.
Right to rectification
You can contact us at email@example.com to request to have inaccurate data rectified or to have incomplete data completed. You can also call us directly on 01134 266 550 with the same request.
Right to erasure
You can contact us at firstname.lastname@example.org to request to have your data deleted, although we might need to keep some data If you would prefer that we apply a suppression (see below) which will help us to realise when we receive your information in the future so that we can continue to apply that suppression. If we simply delete all of your personal data then we wouldn’t be able to suppress it if we receive it again in the future. You can also call us directly on 01134 266 550 with the same request.
Right to restrict processing
You can contact us at email@example.com to request to have your data added to our suppression list and removed from our Partners if you wish to restrict the processing. You can also call us directly on 01134 266 550 with the same request.
Right to receive a free copy of your data (Right of Portability)
The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used, and machine-readable format. It also gives them the right to request that a controller transmits this data directly to another controller.
You can contact us at firstname.lastname@example.org to request a copy of the information we hold to be provided to you or another controller. This is supplied in an Excel (.CSV) format and can be sent by email or by post. You can also call us directly on 01134 266 550 with the same request.
Right to object
You can contact us at email@example.com to request that we stop processing your personal data
You can also call us directly on 01134 266 550 with the same request or to find out more.
10. WHOM YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:
Post: Consumer Services Team, FinTrace, C/O Data OD Ltd, Platform, Leeds, LS1 4JB.
Telephone: 01134 266 550
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk or by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.