Babb & Green Finance Limited
Babb & Green Finance Limited is committed to protecting and respecting your privacy.
Babb & Green Finance Limited is a finance broker authorised and regulated by the Financial Conduct Authority.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our website you are accepting and consenting to the practices described in this policy.
For the purpose of the European Data Protection Regulations (‘GDPR’) and the Data Protection Act 2018 (the Act) and, the data controller is Babb & Green Finance Limited, 8 Fairway, Tiverton, Devon, EX16 4NF
This Privacy Statement explains how we process your information and your rights under both DPA and GDPR.
Information we might hold about you
Information we may collect from you
We may collect and process the following data about you:
- Transaction Data: for example, what sort of products you are selecting, the length of term, the type of assets you are looking at financing, business type and geographical location
- Payment data: for example, the amount, origin, frequency, history and method of your payment
Information you give us
- When you apply for our products and services and throughout the course of our dealings: for example, your name, your national insurance number, your VAT number, your postal and email addresses, your IP address, telephone number, dates of birth, bank account details, equipment requirement details, home and property ownership details, reason for borrowing, your assets and liabilities, details of your proof of identity documentation, proof of address documentation, evidence of additional equity available and evidence of any other business interests, annual Accounts or Tax Returns
- In writing: for example, letters, emails, texts and other electronic communications
- Online: for example, when you use our website
- In financial reviews, for renewals and in any surveys etc
Information we receive from other sources
- Data from persons that introduce you to us: for example, product suppliers, financial advisers and consultants, Accountants, our Agents, finance providers, other Finance Brokers or other third parties
- Publicly available information: for example, from the Land Registry, Companies House, the Electoral Register, other information available online or in the media, including social media
- Data from your representatives where relevant: for example, your legal and financial advisers such as Lawyers and Accountants
Uses made of the information
We use information you give us and that we collect from you and third parties in the following ways:
To assess your borrowing request, calculate quotes, complete borrowing applications to lenders, exercise our contractual rights/obligations, complete pre and post contractual checks, provide you with customer service, account management, business development, regulatory and legal requirements, business management/operations (including record keeping), marketing and research.
From time to time we may contact you to ask for your consent to use your personal data for other purposes. Your personal data may also be used for other purposes where required or permitted by law.
Disclosure of your information
We may share your personal information as set out below before, during and after your agreement with us.
We may share your information with selected third parties including: for example, business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you, including without limitation any data processor we engage, analytics and search engine providers that assist us in the improvement and optimisation of our website.
We may disclose your personal information to third parties: In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
In order to process your application, the lender(s) we approach for finance may supply your information to Credit Reference Agencies (CRAs) in which case they will give the lender(s) information about you, such as about your financial history. The lender(s) does not share the information they receive from CRAs with Babb & Green Finance Limited beyond indicating that some adverse information has been revealed in the case of the lending application being declined for this reason. In such situations we will advise you how you can access full details of the data via the CRAs themselves. When CRAs receive a search from a lender they may place a search footprint on your credit file that may be seen by other lenders and used to assess applications for finance from you and members of your household. The CRA may also share your personal information with other organisations. The lender(s) may continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. Your data will also be linked by CRAs to the data of your spouse, any joint applicants or other financial associates. More information about CRAs and how they use your personal data is available at CRAIN (http://www.experian.co.uk/crain/index.html)
Where we store your personal data
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long is personal data kept for
We will retain your personal data throughout the duration of your agreement or as long as you are a customer with us or we perceive that you may still be a customer. We may retain your personal data beyond this date for the purposes mentioned above and will in any case at all times retain it for the minimum period required by law. We may also retain your data to deal with any potential disputes, to maintain records and to show that we have dealt with you fairly. We may also retain your data for research and statistical purposes in which case we will ensure it is kept private and used only for these purposes.
Data about live and settled accounts is kept by CRAs on credit files for 6 years from the date they are settled or closed. If the account is recorded as defaulted, the data is kept for 6 months from the date of the default.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain clauses on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Your rights under Data Protection Law
We operate under the Data Protection Act 2018 (‘DPA’) and the European General Data Protection Regulation (‘GDPR’).
The DPA and GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.
We must ensure that personal data shall be:
a) processed lawfully, fairly and in a transparent manner;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and where necessary kept up to date;
e) kept for no longer than is necessary for the purposes for which the personal data are processed. We operate a data retention policy that ensures we meet this obligation. We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so. For detail of our current retention policy contact us at email@example.com
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We ensure lawful processing of personal data by obtaining consent; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.
In the majority of cases we process personal data based on your contract with us. In other cases, we process personal data only where there are legitimate grounds for so doing.
To meet our Data Protection obligations, we have established comprehensive and proportionate governance measures.
We ensure data protection compliance across the organisation through:
a) implementing appropriate technical and organisational measures including internal data protection policies, staff training, internal audits of processing activities, and reviews of internal HR policies.
b) maintaining relevant documentation on processing activities.
c) implementing measures that meet the principles of data protection by design and data protection by default including data minimisation, pseudonymisation, transparency, deploying the most up-to-date data security protocols and using data protection impact assessments across our organisation and in any third party arrangements.
Under the GDPR You have the following specific rights in respect of the personal data we process:
- The right to be informed about how we use personal data. This Privacy Statement explains who we are; the purposes for which we process personal data and our legitimate interests in so doing; the categories of data we process; third party disclosures; and details of any transfers of personal data outside the UK.
- The right of access to the personal data we hold. In most cases this will be free of charge and must be provided within one month of receipt.
- The right to rectification where data are inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
- The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The right to restrict processing, for example while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but not further process it until such time as we have resolved the issue.
- The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is for necessary for the performance of a public interest task.
- Rights in relation to automated decision making and profiling.
Please contact us at firstname.lastname@example.org for more information about the GDPR and your rights under Data Protection law.
If you have a complaint about data protection at Babb & Green Finance Limited, please contact Peter Green at email@example.com
Alternatively contact our supervisory authority for data protection compliance (www.ico.org.uk): Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)