DAC PRIVACY NOTICE
BZ COMMERCIAL FINANCE DESIGNATED ACTIVITY COMPANY
Under the General Data Protection Regulation (Regulation 2016/679/EU) (the “GDPR“) and the GDPR as amended and incorporated into UK law under the European Union (Withdrawal) Act 2018 and applicable secondary legislation made under that Act (the “UK GDPR“), we are required to provide you with certain information about who we are, how we collect, use, store and process your personal data and for what purposes and your rights in relation to the protection of your personal data.
This information is provided in this Privacy Notice and it is important that you read that information. Details of how to exercise your data protection rights can also be found in this Privacy Notice.
Who we are
We are BZ Commercial Finance Designated Activity Company (company registration number: 653918) and our registered office address is at 5th Floor, The Exchange, George’s Dock, IFSC, Dublin 1, Ireland, D01 W3P9.
We are committed to protecting the privacy of the data subjects whose data we process. We want to provide a secure environment within which we will process your personal information. This means that information that identifies you personally such as your name or contact details or data that can be linked with such information in order to identify you will be protected at all times.
If, at any time, you have any concern about how your personal information is being processed by us, please let us know at 5th Floor, The Exchange, George’s Dock, IFSC, Dublin 1, Ireland, D01 W3P9.
- What personal information do we collect about you?
- How do we use your personal information?
- How we secure your data?
- How long do we keep your personal information for?
- With whom do we share your personal information?
- Do we make automated decisions concerning you?
- Do we transfer your personal information outside the EEA or UK?
- What are your rights?
- How will we contact you?
- How can you contact us or get more help?
What personal information do we collect about you?
Types of personal information
We collect and use many different kinds of personal information. The personal information we may collect about you is listed below so you can see what we may know about you.
- Contact Details: Your name, address and contact information.
- Age: Your date of birth and/or age.
- Social: Your marital status, family, etc.
- Communications: Details and content of any communications and conversations between us.
- Documentary: Details about you that are stored in documents in different formats or copies of them(for example, your passport, driving licence or birth certificate if this is necessary for us to comply with our legal and regulatory requirements).
- Financial: Your employment status, financial position, salary, any other sources of income and any savings you might have.
- Contractual data: Details and data relating to your loans that we have acquired from you.
- Financial commitments: Your household expenditure, existing borrowings, loans, and any personal data about your credit history that we may obtain.
- Special categories of data: The law treats some types of personal information as sensitive. We will only collect and use this information if necessary and the law allows us to do so. This personal information may include your racial or ethnic origin, sexual orientation, religious beliefs, trade union membership, health data and criminal records.
Where we collect your personal information from
Generally, we collect and process your information in the following ways:
Information you give us, including but not limited to:
- When you talk to us on the phone, including recording calls and notes we may make.
- In your correspondence with us.
- In financial reviews and interviews.
Information we collect automatically when you correspond with us, including but not limited to:
- Payment and transaction data. This includes details of repayments and whether they are made on time and in full.
Information we receive from third parties, including but not limited to:
- Credit Reference Agencies.
- Fraud Prevention Agencies.
- Agents, suppliers, sub-contractors and advisers.
- Public information sources.
- Government and law enforcement agencies.
How do we use your personal information?
We collect and process your personal information for several purposes. The law states that for each purpose we must explain to you what legal grounds we are using to justify our processing. Where we process your personal information, we will have one of more of the following reasons:
- To provide a requested service or carry out a contract with you.
- Where we have a legal obligation.
- Where we have a legitimate interest.
- Where we have your consent.
When we have a business or commercial reason of our own to use your personal information, this is called a ‘legitimate interest’. Where we rely on legitimate interest for processing your information, we carry out a “balancing test” to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we proceed with such processing. You can find out more about the information in these balancing tests by contacting us using the details provided in this Privacy Notice.
Here are the legal grounds for processing your personal information that are relevant to us:
To provide a requested service or carry out a contract with you
- To manage our relationship and communicate with you.
- To administer and manage your loan and associated services including updating your records.
- To manage how we work with other companies that provide services to us and our counterparties.
- To manage fees, charges and interest related to your outstanding loans.
- To exercise our rights set out in agreements and contracts.
- To collect and recover money that is owed to us.
- Sharing your personal data with certain third-party service suppliers such as payment service providers.
Where we have a legal obligation
- To carry out, on an ongoing basis, identity and anti-money laundering checks and related actions considered appropriate to meet any legal obligations imposed on us relating to the prevention of fraud, money laundering, terrorist financing, bribery, corruption, tax evasion and to prevent the provision of financial and other services to persons who may be subject to economic or trade sanctions.
- To detect, investigate, report and seek to prevent financial crime.
- To comply with laws and regulations that apply to us.
- To establish, defend and enforce our legal rights.
- To deal with requests from you to exercise your rights under data protection laws.
Where we have a legitimate interest
- To manage our relationship with you.
- To determine whether, and if so, to what extent we may provide finance to you.
- To administer and manage your loan and associated services including updating your records.
- To test the performance of our services and internal processes.
- To manage and audit our business operations including accounting.
- To collect and recover money that is owed to us.
- To carry out credit searches.
- To run our business in an efficient and proper way. This includes managing our financial position, business capability and governance requirements.
- To study how customers use services from us and other organisations.
Where we have your consent
- We may also from time to time ask you for your consent for other purposes, which we will explain to you at the time.
We will not collect or use personal information that is considered by the law as a special category of personal data without your consent, unless the law allows us to do so. If we do, it will only be when it is necessary: (1) for reasons of substantial public interest, or (2) to establish, exercise or defend legal claims.
How we secure your personal data?
We take all reasonable steps to ensure that your personal data is stored and processed securely, and we also take appropriate security measures against unauthorised access to, or alterations, disclosure or destruction of your personal data, and against its accidental loss or destruction.
How long do we keep your personal information for?
We will keep your personal information only for as long as you are a customer of ours. We may keep your data for up to seven years after you cease to be a customer of ours. The reasons we may do this are:
- To respond to a question or complaint, or to show whether we gave you fair treatment.
- To study customer data as part of our own internal research.
- To comply with rules that apply to us about keeping records.
We may also keep your data for longer than seven years if we cannot delete it for legal or regulatory reasons.
After this time, we will securely erase your information.
Your personal information is important to us and we will make sure your privacy is protected.
With whom do we share your personal information?
- We may share your personal information with other parties in order to provide you with services, run our business and comply with rules that apply to us. These include the following:
- We may share your personal information with our affiliates and service providers, primarily for business and operational purposes.
- We may share your personal information with third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, IT consultants carrying out testing and development work on our business technology systems and function co-ordinators. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.
- We may share your personal information to our appointed representatives in connection with a contracted transaction between you and us, including solicitors, surveyors and valuers. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.
- We may also share your personal information with other organisations, including:
- Agents and advisers who we use to help run our business, collect what you owe and explore new ways of doing business;
- Credit reference agencies;
- Fraud prevention agencies;
- Credit Insurers;
- The Department of Business Innovation and Skills (or any successor Department);and
- Companies you ask us to share your personal data with.
Where required we may also share your personal information with third parties to comply with a legal obligation; when we believe in good faith that an applicable law requires it; at the request of governmental authorities conducting an investigation; to detect and protect against fraud, or any technical or security vulnerabilities; to respond to an emergency; or otherwise to protect the rights, property, safety, or security of third parties, visitors to the our website, our business or the public.
Do we make automated decisions concerning you?
No, we do not carry out automated decision-making.
Do we transfer your personal information outside the EEA or UK?
The only circumstances where we will send your data outside of the European Economic Area (“EEA”) or UK are:
- Where the transfer is necessary for important reasons of public interest or in the context of the establishment, exercise or defence of legal or regulatory proceedings.
- To work with our affiliates and service providers for purposes such as, debt collecting, processing, head office reporting, and statistical analysis.
If we do transfer your personal information outside the EEA or UK to our affiliates and service providers, we will make sure that it is protected to the same extent as in the EEA or UK (as applicable) either by:
- putting in place appropriate safeguards, for example, the EU Standard Contractual Clauses used alone or in combination with the UK’s International Data Transfer Addendum or the UK’s International Data Transfer Agreement (as applicable) with the recipient that means the recipient must protect the personal data to the same standard applied in the EEA or UK (as applicable); or
- transferring it to a non-EEA country territory that is subject to a current finding by the European Commission under the GDPR that the territory provides adequate protection for the privacy rights of individuals or a non-UK country territory that is subject to a current finding by the UK government under the UK GDPR that the territory provides adequate protection for the privacy rights of individuals.
You may contact us using the contact details provided in this Privacy Notice if you wish to obtain a copy of the data transfer agreement that will be used to document the transfers of personal data outside the EEA or UK, as described above.
What are your rights?
By law, you have a number of rights when it comes to your personal information. Please contact us using the contact details provided below to exercise any of your rights. Further information and advice about your rights can be obtained from the data protection regulatory authority in your country.
|Rights||What does this mean?|
|1. The right to be informed||You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Notice.|
|2. The right of access||
|3. The right to object to processing||You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).|
|4. The right to rectification||You are entitled to have your information corrected if it is inaccurate or incomplete.|
|5. The right to erasure||This is also known as ‘the right to be forgotten’. In simple terms this right enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.|
|6. The right to restrict processing||You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.|
|7. The right to data portability||You have rights to obtain and reuse your personal information for your own purposes across different services. For example, if you decide to switch to a new service provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.|
|8. The right to lodge a complaint||You have the right to lodge a complaint about the way we handle or process your personal information with your national data protection regulatory authority.|
|9. The right to withdraw consent||If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal information with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal information for marketing purposes.|
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
How will we contact you?
We may contact you by phone or email. If you prefer a particular means of contact over another please let us know.
How can you contact us or get more help?
If you have any questions about our Privacy Notice, or would like to exercise any of your rights, please contact us by writing to us at the address below:
- Address: 5th Floor, The Exchange, George’s Dock, IFSC, Dublin 1, Ireland, D01 W3P9.
If you are unhappy about any aspect of the way we collect, share or use your personal information, please let us know using the contact details above.
You also have a right to lodge a complaint with a supervisory authority, in particular in the member state of the European Union of your habitual residence, place of work or place where the alleged infringement occurred where you consider that the processing of personal data relating to you infringes the GDPR.
For your information, the relevant supervisory authority in Ireland is the Data Protection Commission (DPC). The DPC’s contact details are as follows:
- Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
- Telephone: 01 7650100 / 1800 437 737
- Website: https://www.dataprotection.ie/
The relevant supervisory authority in the United Kingdom is the Information Commissioner’s Office (ICO). The ICO’s contact details are as follows:
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, United Kingdom
- Telephone: 0303 123 1113
- Website: https://ico.org.uk