Sancus BMS Group Limited Privacy Policy

Introduction

Sancus BMS Group Limited and all entities within the group (“Sancus”) (“We”) or (“Us”) conform with the General Data Protection Regulation EU 2016/679 (“GDPR”). Sancus is a Data Controller and each entity in the Group is registered with the Office of the Data Protection Commissioner or similar (“Supervisory Authority”), in its respective jurisdiction.

Sancus can be contacted regarding this Privacy Policy at: data.controller@sancus.com or per the contact details for each entity which are included in the table at the end.

Sancus has determined it is unnecessary to appoint a Data Protection Officer, however, the Data Controller is the main contact regarding privacy issues for all jurisdictions.

This Privacy Policy sets out how we will use personal information we collect and receive about you.

Sancus is committed to ensuring personal data is processed fairly with appropriate safeguards which consider your privacy rights. We limit access to your personal information to employees who we believe have a reasonable need to access your information in order to carry out their jobs.

Policy statement

We will only collect and use your personal information where we have lawful grounds and legitimate business reasons to do so. We will be transparent in our dealings with you and will tell you how we will collect and use your personal information. If we have collected your personal information for a particular purpose we will not use it for any other purpose unless you have been informed, or where we are legally obliged to. We will update our records when you inform us your details have changed. We will implement appropriate retention policies and ensure your personal information is securely disposed of at the end of the appropriate period. We will observe the rights granted to you under the applicable privacy and data protection laws. We will train our staff on their privacy obligations. We will ensure we have appropriate organisational and technical measures to protect your personal information and when we outsource any processes, the supplier has appropriate measures in place.

What information we collect

We will collect personal information about you and any associated parties you are authorised to disclose data about. This will include information such as names, addresses, telephone numbers, email addresses, date of birth, nationality, financial and banking details, identification documents, tax identification numbers, and technical details including your Internet Protocol (“IP”) address, login information, browser type and operating system.

Where the application is on behalf of a business we will require information in respect of the business itself as well as personal information relating to the Principals, including but not limited to any directors, partners, members, shareholders, ultimate beneficial owners, trustees, settlors and/or beneficiaries (where the case may be).

We also receive other information from third-party sources when we are conducting due diligence for Anti-Money Laundering (“AML”) purposes and to verify your and any associated party’s identities.

Where we obtain the information

This information will be collected when you access our website, register your interest for our services and complete an application for a facility. We will also collect information from any intermediaries acting on your behalf and from our employees when interacting with you regarding the use of our facilities. We will collect information during the term of any contract between you and us.

Fraud prevention agencies, anti-money laundering service providers and company register services will provide information when we conduct our due diligence.

What we do with the information

We are required to process your information at your request to enter into, and thereafter manage, a facility or contract with us. Failure to provide the necessary information will not permit us to offer you such facility.

We will use your information to achieve the legal obligation of assessing the suitability of the facility or contract and to conduct necessary searches for AML and fraud prevention purposes. We may share your information with other categories of recipient, subject to the purpose of processing. These may include (and not limited to): Property Agents; Valuers; Surveyors; Legal Services; Debt Recovery Services; Intermediaries; Fraud Prevention Agencies, Law Enforcement or other government bodies (to assist them in preventing crime, tax avoidance or other fraudulent activities), where appropriate.

We have a legitimate interest in:

  • contacting you from time to time to tell you about similar products or services which we believe you could be interested in;
  • sharing your information with other companies in our Group, ensuring adequate protection of your information;
  • use your information for statistical purposes for us to improve our products and services.

In the event that we are unable to enter into a contract with you, we will require your explicit consent to share your information with third-party companies who offer similar products and who may be able to assist you.

Retention

There are certain regulatory requirements for the retention of any personal data we hold. We will only hold data for as long as necessary which considers these requirements. For instance, we will retain your personal data for 10 years after the last transaction/dealing with us, unless we have a legitimate reason to retain it for longer.

Transferring or storing data outside the EU

Occasionally we will be required to share your data with other parties. These parties may be located within or outside of the European Union. Where these parties operate (i) in territories within the EU, (ii) are in territories which have been granted EU adequacy status for transferring of data, or (iii) operate within the US and subscribe to the US-EU Privacy Shield, there are appropriate safeguards in place for the transfer of your personal data. Where these parties may be located in another territory, we will ensure there are adequate contractual clauses in place to safeguard the transfer of your personal data.

Your rights

Under the GDPR, you are given certain rights about how your data is used, these rights are:

  • the right to be informed how your data will be processed – we will provide a Fair Processing Notice at the time of collecting your personal data (ordinarily at the time of making an application), which informs you how we will process your data. (If another party has provided the data, this notice will be provided within one-month of processing your data);
  • the right to withdraw consent – if we require consent for a specific process, you may withdraw this consent at any time preventing us from any further processing. You may withdraw consent by contacting us, selecting communications preferences on the web-site or by selecting unsubscribe in any emails we send to you;
  • the right of access – we will confirm if we hold and process any personal data, and describe the purpose of the processing; the categories of the data concerned; the recipients or categories of recipients where the data has been or will be disclosed; the envisaged period the data will be retained (or the criteria for determining the retention period); any information available regarding the source of your information where we have not collected it from you; the existence of any automated decision making or profiling; and we will confirm your rights. Sancus will not charge for such request and will provide the information within one-month. If there are any exceptions, we will confirm these exceptions in writing within one-month;
  • the right of rectification – where you believe data we hold is inaccurate you have the right to request this inaccuracy be rectified;
  • the right of erasure (to be forgotten) – in certain circumstances you have the right to have your personal information erased. If you make a request to erase data which we are not obliged to erase, we will confirm the reason in writing;
  • the right to restrict processing – in certain circumstances you have the right to restrict how we process your personal information. If you make a request to restrict data processing which we are not obliged to restrict, we will confirm the reason in writing;
  • the right to data portability – we will provide the personal data which you provided to us in an appropriate format which you may pass to another data controller;
  • the right to object to automated decision making or profiling – if we make automated decisions or use your data for profiling you may object to this processing and request ‘human intervention’;
  • the right to complain to the Supervisory Authority – you may make a complaint to the relevant Data Protection Office if you believe we are processing your data inappropriately/illegally.

The transmission of information via the internet may not be completely secure. We will do our best to protect your personal information, but we cannot guarantee the security of data transmitted to our site. A transmission is at your own risk.

Complaints about how your data is handled

How to complain to Sancus

You can make a complaint directly to Sancus by contacting us by email to data.controller@sancus.com or in writing to the relevant Sancus entity detailed below.

How to complain to a Supervisory Authority

If you believe we are processing your personal data inappropriately or without a lawful basis for processing the data, you may make a complaint to the Supervisory Authority per the details contained in the following table:

Jurisdiction Entity Contact details Supervisory Authority Supervisory Authority contact details
Guernsey Sancus (Guernsey) Limited Data Controller, 1st Floor, 10 Lefebvre Street, St Peter Port, Guernsey, GY1 2PE Office of the Data Protection Commissioner Guernsey Information Centre, North Esplanade, St Peter Port, Guernsey, GY1 2LQ – 01481 742074
Jersey Sancus (Jersey) Limited Data Controller, Windward House, La Route de la Liberation, St Helier, Jersey, JE2 3BQ Office of the Information Commissioner Brunel House, Old Street, St Helier, Jersey, JE2 3RG – 01534 716530
Gibraltar Sancus (Gibraltar) Limited Data Controller, Third Floor, Heritage House, 233/3 Main Street, Gibraltar, GX11 1AA Gibraltar Regulatory Authority 2nd Floor, Eurotowers 4, 1 Europort Road, Gibraltar – +0350 200 74636
Isle of Man Sancus (Isle of Man) Limited Data Controller, 2nd Floor, Exchange House, 54-58 Athol Street, Douglas, Isle of Man, IM1 1JD Isle of Man Information Commissioner First Floor, Prospect House, Douglas, Isle of Man, IM1 1ET – 01624 693260
UK Sancus Funding Limited Data Controller, Belvedere House, Basingview, Basingstoke, UK, RG21 4HG Information Commissioners Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF – 0303 123 1113
Sancus Finance Limited Data Controller, Belvedere House, Basingview, Basingstoke, RG21 4HG Information Commissioners Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF – 0303 123 1113
Ireland Sancus BMS (Ireland) Data Controller, Dublin Harcourt Centre, Block 4, Harcourt Road, Dublin 2 Data Protection Commissioner Canal House, Station Road, Portalington, R32 AP23 – +353 57 8684800

Cookies

Cookies contain information that is transferred to your computer. Some of the Cookies we use are essential for the web-site to operate. Some Cookies allow us to recognise and count the number of visitors and to see how visitors move around the site when they’re using it. This helps us to improve the way our website works and deliver a better and more personalised service, for example, by making sure users are finding what they need easily. We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer.

You may choose to block Cookies by activating the setting on your computer which allows you to refuse the setting of all or some Cookies. However, if you choose to block all Cookies (including essential Cookies) you will not be able to access your account on the web-site. Unless you have adjusted your browser so that it will refuse Cookies, our systems may issue Cookies when you visit our site.

We use the following Cookies

_ga, _gat, and _gid. These are used to track and report website traffic. For further information please see Google Analytics https://bit.ly/1dm9wka

wordpress_test_cookie. Used to test that cookies are enable on your browser. For further information please see WordPress https://bit.ly/29et29g

Wordfence_verifiedHuman and wfvt_random. Used to verify the user is a person and not a bot or security threat. For further information please see Wordfence https://bit.ly/2dBpSit

Changes to this policy

We keep our privacy policy under regular review and any updates will be included on this web-page.

This privacy policy was last updated on 11th June 2018.