Pivot Lending Limited, Pivot Finance LLP Limited and affiliated companies (“Pivot”) need to collect and use certain types of information about individuals who come into contact with Pivot in order to carry on our work. The purpose of this policy is to ensure that Pivot:
Complies with Data Protection Act 1998 and good practice
Protects the rights of individuals
Is open and transparent about how it processes and stores individuals’ data
2. The Data Protection Act 1998
The Data Protection Act 1998 is designed to protect individuals and personal data, which is held and processed on their behalf. The Act defines the individual as the ‘data subject’ and their personal information as 'data'. These are further defined:
Data Subject: any living individual who is the subject of personal data whether in a personal or business capacity.
Data: any personal information, which relates to a living individual who can be identified. This includes any expression of opinion about the individual.
Data: information stored electronically i.e. on computer, including word processing documents, emails, computer records, CCTV images, microfilmed documents, backed up files or databases, faxes and information recorded on telephone logging systems.
Manual records: records which are structured, accessible and form part of a 'relevant filing systems' (filed by subject, reference, dividers or content), where individuals can be identified and personal data easily accessed without the need to trawl through a file.
Data controller; a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
3. The information we may collect about you
(a) When you access, browse this website (including when you submit personal information to us through data entry fields on the website), continue to use this website and through our application or verification processes, we may collect information from you, which may include the following personal information:
(i) your name; (ii) your current and previous postal addresses;
(iii) your phone, fax and e-mail details;
(iv) your date of birth;
(v) your passwords and security question answers;
(vi) correspondence with us by email and post;
We may also collect:
(viii) financial information (including bank or building society account details and details of debit cards used in relation to our services);
(ix) sensitive information (such as any medical information you disclose to us (although we will always get specific permission from you before recording this type of information);
(ix) information you provide in our application processes (including, if you are a borrower, agent or investor, certain personal, identity, contact and financial information about directors, partners, members, shareholders, beneficial owners and guarantors);
(x) data about your activities using Pivot, including information about your computer (for example, your IP address, operating system and browser type): for more information please see our Cookies policy below.
(b) We may also obtain information about you from third parties including credit reference agencies, fraud prevention agencies, insolvency practitioners, debt advisers, tracing agents, commercial databases, marketing databases, public records and other publicly available information sources, including information about your business or company (e.g. previous credit applications, personal credit information, electoral register and fraud prevention information).
(c) If you give us false or inaccurate information and we suspect or identify fraud, we will record this.
(d) If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies
4. How we may use your information
Your information will be used to provide you with information and services that you request from us, to enable us to provide you with information that we feel may be of interest to you and for other legitimate business purposes. This may include for the purposes of assessing your application, opening and maintaining accounts, verifying your identity, transferring or receiving money and, if you are a borrower, enforcing loan provisions or tracing you in the case of a default. Where you have consented to us doing so, we may use your information to contact you about our products and services we think may be of interest to you and may provide your details to carefully selected third parties for the same purpose.
We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
(i) checking details on applications for credit and credit related or other facilities
(ii) managing credit and credit related accounts or facilities
(iii) recovering debt
(iv) checking details on proposals and claims for all types of insurance
(v) checking details of job applicants and employees
Please contact us if you want to receive details of the relevant fraud prevention agencies.
We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
(d) We may also collect anonymised details about visitors to the website for the purposes of aggregate statistics or reporting purposes and to calculate referral fees. However, no single individual will be identifiable from the anonymised details we collect or disclose for these purposes.
5. How we may share the information we collect about you
Information you provide may be shared with the Pivot Group and certain of our service providers. We may disclose your information to third parties where you have consented for us to do so, where we are under a legal, regulatory or professional obligation to do so, or where we merge, reorganise or transfer all or part of our business we may disclose information to successors of the business.
6. Where you have provided us with information about other people
7. What credit reference and fraud prevention agencies do
For a detailed Guide to the use of your personal and business data by Credit Reference and Fraud Prevention Agencies please click here
8. Data Storage
Where data is stored on paper or is usually stored electronically but has been printed of for, it should be kept in a secure place where unauthorised people cannot see it or gain access to it, the following guidelines should be followed by all employees:
When not required, the paper or files should be kept in a locked draw or filing cabinet.
When draws have been locked, keys should be removed and stored in the key safe.
Data printouts should be shredded and disposed of securely when not required.
Employees should make sure that paper and print outs are not left where unauthorised people can see them e.g. on top of a printer.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Data should be protected by strong passwords that are changed regularly and never shared between employees.
If data is stored on removable media (like CD or DVD), these should be kept locked away securely when not being used. Data held on removable devices should be encrypted.
Data should only be stored on designated drives and servers, and should only be uploaded to an approved cloud computing service that meets legal requirements and is appropriately encrypted.
Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
All servers and computers containing data should be protected by approved security software and a firewall.
9. Data accuracy
The law requires Pivot to take reasonable steps to ensure data is kept accurate and up to date. It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible:
Data will be held in as few places as necessary. Employees should not create any unnecessary additional data sets.
Employees should take every opportunity to ensure data is updated. For instance by confirming a customer’s details when they call.
Data is updated as inaccuracies are discovered. For example, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.
10. Data transferring
It may sometimes be necessary to transfer personal information overseas. In these circumstances, personal information will be transferred as follows:
To those countries within the European Economic Area (EEA); or
To those countries on the European Commissions' list of countries that have an adequate level of protection; or
To companies in countries not referred to above where we have a data protection agreement in place that is based on the Data Protection Model Clauses of the European Commission.
Any transfers made will be in full compliance with all aspects of the Data Protection Act 1998.
and appropriately encrypted.
Where personal data is to be transmitted via email or fax appropriate steps must be taken to protect the data. This may include, for instance, confirming that the person is available to receive the fax and encrypting or password protecting personal data being transmitted.
11. Preventing direct marketing
Pivot recognises that individuals have the right to prevent their personal data being processed for direct marketing. If an individual wants to prevent their personal data being used in this way they should write to the CEO of Pivot Lending Ltd. Once this notice has been received Pivot will comply with the request within a reasonable time. In normal circumstances electronic communications should stop within 28 days of receiving the notice, and postal communications should stop within two months.
12. Correcting inaccurate personal data
Pivot acknowledges individuals rights under the Data Protection Act 1998 to delete and/or correct data held by Pivot if it is proven to be inaccurate, excessive or out of date. If an individual is concerned about the accuracy of the data Pivot holds on them they should contact Pivot via the website the CEO of Pivot Lending Ltd. Pivot will consider whether the data is incorrect and if so if it should be corrected or deleted. Whilst the matter is being resolved the data under review will be recorded as being in dispute.
13. Subject access requests
Pivot acknowledges individuals rights under the Data Protection Act 1998 to access any personal data held on our systems and in our files upon their request. All individuals who are the subject of personal data held by Pivot are entitled to be:
told whether any personal data is being processed;
given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
given a copy of the information comprising the data; and given details of the source of the data (where this is available).
If an individual or appropriately authorised person on their behalf contacts Pivot requesting this information, this is called a subject access request. Subject access requests from individuals should made in writing to the CEO of Pivot Lending Ltd.
The data protection officer will provide the relevant data promptly and within 20 calendar days.
14. Data Controllers obligations
Pivot will follow the Code of Practice issued by the ICO when developing policies and procedure in relation to data protection. Pivot will ensure that Data Processing Agreements are applied to all contracts and management agreements where Pivot is the data controller contracting out services and processing of personal data to third parties (data processors). Pivot will ensure this agreement clearly outlines the roles and responsibilities of both the data controller and the data processor.
Pivot will adhere to and follow the 8 principles of data protection when conducting surveys, marketing activities etc., where Pivot collects, processes, stores and records all types of personal data.
Complaints relating to breaches of the Data Protection Act 1998 and/or complaints that an individual’s personal information is not being processed in line with the 8 principles of data protection will be managed and processed by the data protection officer.
All complaints of dissatisfaction will also be processed in accordance with Pivot’s Complaints Process and should be sent to:
CEO, Pivot Lending Ltd.
16. Confidentiality and information sharing
Pivot will only share information in accordance with the provisions set out in the Data Protection Act 1998. Where applicable, Pivot will inform individuals of the identity of third parties to whom we may share, disclose or be required to pass on information to, whilst accounting for any exemptions which may apply under the Data Protection Act 1998.
In certain circumstances, The Data Protection Act 1998 allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, Pivot will disclose requested data. However the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.