How we use your personal data
Last updated May 2018.
We keep our privacy notice under regular review and we will reflect any updates within this notice.
Your information will be held by Xcel Finance Limited. This privacy notice is to let you know how companies within our Group promise to look after your personal information.
This privacy notice applies to all individuals or users (“data subjects”) whose Personal Data is processed by Xcel Finance Limited (“us”, “we”, “our”) either directly or through the use of our website https://xcelfinance.wpengine.com/ (the “Site”).
Who we are
Xcel Finance Limited is registered in England and Wales under company number 10871707. You can contact us by:
Writing to – 133 Macdonald Road, Lightwater, United Kingdom, GU18 5YB
Emailing – [email protected]
Calling – 01276586377
Why should you to read this privacy notice?
During the course of dealing with us, we will ask you to provide us with detailed Personal Data relating to your existing circumstances, your financial situation and, in some cases, your health and family health history (Personal Data). This privacy notice is important as it allows us to explain to you what we will need to do with your Personal Data, and the various rights you have in relation to your Personal Data.
What is Personal Data?
Personal Data means any information that describes or relates to your personal circumstances. Personal Data may identify you directly, for example your name, address, date or birth, National Insurance number and the like. Your Personal Data may also identify you indirectly, for example, your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.
In the context of providing you with assistance in relation to your Mortgage, Finance and Insurance requirements, your Personal Data may include:
- Title, names, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity.
- Employment and remuneration information, (including salary/bonus schemes/overtime/sick pay/other benefits), employment history.
- Bank account details, tax information, loans and credit commitments, personal credit history, sources of income and expenditure, family circumstances and details of dependents.
- Health status and history, details of treatment and prognosis, medical reports (further details are provided below specifically with regard to the processing we may undertake in relation to this type of information).
- Any pre-existing mortgage, finance or insurance products and the terms and conditions relating to these.
- IT information Log Data – Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third party services such as Google Analytics that collect, monitor and analyse this.
If you wish to restrict or block the cookies which are set by any website, you should do this through the web browser settings for each web browser you use, on each device you use to access the Internet.
Please be aware that some of our services will not function if your web browser does not accept cookies. However, you can allow cookies from specific websites by making them “trusted websites” in your web browser.
More information about cookies can be found on www.allaboutcookies.org (This link will direct you to access an external website for which we have no control over and are not liable for your use of it).
The basis upon which we will deal with your Personal Data
Data Protection law says that we are allowed to use your Personal Data only if we have a proper reason to do so. This includes sharing it outside our company. The law says we must have one or more of these reasons:
- To fulfil a contract we have with you, or
- When it is our legal duty, or
- When it is in our legitimate interest, or
- When you consent to it.
When we speak with you about your mortgage, finance, or insurance requirements we do so on the basis that both parties are entering a contract for the supply of Services. In order to perform that contract, and to arrange the products you require, we have the right to use your Personal Data for the purposes detailed below.
Alternatively, either in the course of initial discussions with you or when the contract between us has come to an end for whatever reason, we have the right to use your Personal Data provided it is in our legitimate business interest to do so and your rights are not affected. For example, we may need to respond to requests from mortgage lenders and insurance providers relating to the advice we have given to you, or to make contact with you to seek feedback on the service you received.
On occasion, we will use your Personal data to fulfil contractual responsibilities we may owe our regulator, The Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject. In such circumstances, we would be processing your Personal Data in order to meet a legal, compliance or other regulatory obligation to which we are subject.
A legitimate interest is when we have a business or commercial reason to use your Personal Data. But even then, it must not unfairly go against what is right and best for you. We may use your Personal Data for our legitimate interest in order to:
- manage our relationship with you or your business;
- keep our records up to date, working out which of our products and services may interest you and telling you about them;
- develop and carry out our marketing strategy;
- develop new ways to meet our customers’ needs and to grow our business;
- develop services and defining what we charge for them;
- manage risk for us and our clients;
- support, develop and manage our staff members;
- develop and improve how we deal with financial crime, as well as doing our legal duties in this respect; and
- be efficient about how we fulfil our legal and contractual duties.
The basis upon which we will deal with certain parts of your Personal Data
Where you ask us to assist you with your insurance needs, in particular life insurance and insurance that may assist you in the event of an accident or illness, we may ask you information about your ethnic origin, health and medical history (this is known as Special Category Data). We will record and use your Special Category Data in order to make enquiries of insurance providers in relation to insurance products that may meet your needs and to provide you with advice regarding the suitability of any product that may be available to you.
We will need what is called explicit consent to process this type of personal data.
If you have parental responsibility for children under the age of 16, it is also likely that we will record information on our systems that relates to those children and potentially, to their Special Category Data.
The arrangement of certain types of mortgages, finance and insurances may involve disclosure by you to us of information relating to historic or current criminal convictions or offences. This is relevant to mortgage, finance and insurance related activities such as underwriting, insurance claims and fraud management.
We will use Special Category Data and any Criminal Disclosures in the same way as Personal Data generally, as set out in this Privacy Notice.
How do we collect Your Personal Data?
We will collect and record your Personal Data from a variety of sources, but mainly directly from you. You will usually provide information during the course of our initial meetings or conversations with you to establish your circumstances, needs and preferences in relation to mortgages, finance and insurance. You will provide information to us verbally and in writing, including email.
We may also obtain some information from third parties, for example, credit checks, information from your employer, and searches of information in the public domain such as the voters roll.
We may record calls in and out against customer cases so that we can be sure that we have captured the information you have given us accurately. This helps us to prevent fraud and resolve any disputes.
Automated decision making
Data Protection law has provisions on:
- Automated decision-making (making a decision solely by automated means without any human intervention.
- Profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
We will notify you and gain your consent if we wish to undertake any decision-making which is solely automated to provide you with our Services.
What happens to your Personal Data when it is disclosed to us?
In the course of handling your Personal Data, we will:
- Record and store your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees and consultants within our Company and only when it is necessary to provide our service to you and to perform any administration tasks associated with or incidental to that service.
- Submit your Personal Data to Finance Providers, Mortgage Lenders, Commercial Lenders and Insurance Product providers, both in paper form and on-line via a secure portal. The provision of this information to a third party is essential in allowing us to progress any enquiry or application made on your behalf and to deal with any additional questions or administrative issues that mortgage lenders and insurance providers may raise.
- Use your Personal Data for the purposes of responding to any queries you may have in relation to any mortgage, finance product or insurance policy you may take out, or to inform you of any developments in relation to those products and/or polices of which we might become aware.
If you give Personal Data about someone else (such as a joint applicant) then you should not do so without their permission. Where information is provided by you about someone else, or someone discloses information about you, it may be added to any personal information that is already held by us and it will be used in the ways described in this privacy notice.
Sometimes, when you make a joint application, your personal data may be shared with the other applicant. For example, details of the application will be shared with your joint applicant and vice versa.
We would like to keep you updated about relevant products and services through a variety of electronic means, including potentially by telephone, email, SMS and instant messaging services (such as WhatsApp). If you do not want to receive such messages, you can ask us to stop sending these at any time by clicking on the ‘unsubscribe’ button in our emails or by replying to our emails with the word “unsubscribe” as the subject.
If you choose not to give us your Personal Data
We may need to collect Personal Data by law, or under the terms of a contract we have with you.
If you choose not to give us this Personal Data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provides our Services to you in an efficient manner. It could mean that we cancel a service you have with us.
Sharing your Personal Data
From time to time your Personal Data will be shared with:
- Mortgage lenders, Finance lenders and insurance providers.
- Third parties who we believe will be able to assist us with your enquiry or application, or who are able to support your needs as identified. These third parties will include but may not be limited to, our Compliance department, Product specialists, estate agents, providers of legal services such as estate planners, conveyancing, surveyors and valuer’s (in each case where we believe this to be required due to your particular circumstances).
- HM Revenue & Customs, regulators and other authorities
- UK Financial Services Compensation Scheme
- Credit reference agencies
- Fraud prevention agencies
- Organisations that introduce you to us, or Companies that we introduce you to
- Companies you ask us to share your data with.
In each case, your Personal Data will only be shared for the purposes set out in this customer privacy notice, i.e. to progress your mortgage, finance or insurance enquiry and to provide you with our professional services.
Please note that this sharing of your Personal Data does not entitle such third parties to send you marketing or promotional messages: it is shared to ensure we can adequately fulfil our responsibilities to you, and as otherwise set out in this Privacy Notice.
How we check your identity
We may ask you to provide physical forms of identity verification when you make an application through us. Alternatively, we may search credit reference agency files in assessing your application. The agency also gives us other details and information from the Electoral Register to verify your identity. The agency keeps a record of our search, whether or not your application proceeds. Our search is not seen or used by lenders to assess your ability to obtain credit.
Fraud Prevention Agencies (FPAs)
We may need to confirm your identity before we provide our services to you or your business. Once you have become a client of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use Fraud Prevention Agencies to help us with this.
Both we and fraud prevention agencies can only use your personal information if we have a proper reason to do so. It must be needed either for us to obey the law, or for a ‘legitimate interest’.
A legitimate interest is when we have a business or commercial reason to use your information. This must not unfairly go against what is right and best for.
We will use the information to:
- Confirm identities.
- Help prevent fraud and money-laundering.
- Fulfil any contracts you or your business has with us.
- We or an FPA may allow law enforcement agencies to access your personal information.
- This is to support their duty to detect, investigate, prevent and prosecute crime.
FPAs can keep personal information for different lengths of time. They can keep your data for up to six years if they find a risk of fraud or money-laundering.
Sharing your Personal Data outside of the EEA
In order to provide our Services, it may be necessary for us to transfer or store your Personal Data outside of the EEA.
If we do transfer your Personal Data outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:
Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.
You can find out more about data protection on the European Commission Justice website.
Security and retention of your Personal Data
Your privacy is important to us and we will keep your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard your Personal Data against it being accessed unlawfully or maliciously by a third party.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.
To ensure that we are able to meet our legal, regulatory and customer obligations, we will retain client information for the following time periods:
- If you become a client of a lender/insurer as a result of the advice we provide to you, we will keep a full record of your interactions with us for your lifetime plus a reasonable period to enable us to meet our regulatory obligations to evidence we gave suitable advice and to enable us to answer any complaints that may arise as a result of our advice. In practice this means that we will keep your records for no longer than 100 years after you last transact with us.
- If, as a result of our advice, you make an application to a lender/insurer but do not ultimately become a client of that institution, we will keep a full record of your interactions with us for 6-years to meet our obligations under UK Money Laundering regulations.
- If we provide you with advice on a financial product, but you do not engage our services to make an application to a lender/insurer, we will keep a full record of your interactions with us for 3-years, to enable us to meet our regulatory record keeping obligations regarding evidencing suitability of our advice.
- If we collect personal information from you, but are unable to provide you with suitable advice, then we will keep a full record of your interactions with us for 1-year to facilitate an easier interaction between us if you re-engage our services within this period.
Your rights in relation to your Personal Data
request copies of your Personal Data that is under our control;
ask us to further explain how we use your Personal Data;
ask us to correct, delete or require us to restrict or stop using your Personal Data (details as to the extent to which we can do this will be provided at the time of any such request)
ask us to send an electronic copy of your Personal Data to another organisation should you wish; and
in any case where we are processing your Personal Data based on your consent, you can withdraw that consent at any time by contacting us.
How to make contact with our Firm in relation to the use of your Personal Data
If you have any questions or comments about this document or wish to make contact in order to exercise any of your rights set out within it please contact The Data Protection Officer: Xcel Finance Limited, 133 Macdonald Road, Lightwater, GU18 5YB.
If we feel we have a legal right not to deal with your request, or to action, it in different way to how you have requested, we will inform you of this at the time.
You should also make contact with us as soon as possible on you becoming aware of any unauthorised disclosure of your Personal Data, so that we may investigate and fulfil our own regulatory obligations.
If you have any concerns or complaints as to how we have handled your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.