Your privacy’s important to us and we go to great lengths to protect it. This privacy notice tells you about the personal data we hold about you and it explains how we may collect, use and share your details and tells you about your rights under data protection laws.

For the purposes of data protection law, we are a data controller in respect of your personal data. We collect and use your personal data and where applicable this may include information related to your spouse/partner, directors, partners and owners (your “representatives”). Sandfield Capital is responsible for ensuring that it uses your personal data in compliance with data protection law.

We are Sandfield Capital Limited (also referred to as ‘Sandfield”, ‘we’, ‘us’ or ‘our’) and our registered office is at C/O O'Connors, The Plaza, 100 Old Hall Street, Liverpool, England, L3 9QJ Our company registration number is 11136768.

We are registered with the Information Commissioner’s Office and our registration number is ZA448743.

What do we mean by "Personal Information"?

“Personal information” means information that relates to you as an individual, whether linked to your name or any other way which you could be identified, such as your driving licence number or your Loan account number.

Certain types of personal information are considered to be “special categories of information” due to their more sensitive nature. Sometimes we will ask for or obtain special categories of information because it is relevant to your Loan application. For example, to assess risk appropriately, we may ask our customers about their previous credit history. This Privacy Notice highlights where we are likely to obtain special categories of information, and the grounds on which we process this data. We will only process special categories of information where they are relevant.

Special categories of information are Information about your health, criminal convictions, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership.

How we use your personal information

The personal information that we collect will depend on our relationship with you. We have included a number of sections below – simply read those which most apply to your relationship with us.

In the case of joint legal claims we may hold data on any joint party to the claim. The loan will remain a sole product and the data of the joint party will be held for information purposes only.

If you provide personal information to us about other people you must provide them with a copy of this Privacy Notice, and obtain relevant consent from them where we have indicated in this Privacy Notice that we need it.

If you have made an application for a loan or have a loan with us

This section shows what personal information we collect about you and use if you are either: a prospective customer and have submitted your personal information so that we can provide you with a quote for a loan, or you are an existing customer.

In addition to the information provided to us by you when an application is made, we will obtain information about you during the lifetime of your loan.

What personal information may we collect and where will we collect it from?

We may collect the following information provided by you by phone or web:

  • Individual details: Your name, address, former address, contact details (e.g. email /telephone), gender, marital status, date of birth, nationality, length of time as a UK resident.
  • Employment information: Your job title and the nature of the industry you work in.
  • Identification details: Your driving licence number and passport number.
  • Income and household financial
  • Criminal convictions: Which are unspent under the Rehabilitation of Offenders Act.
  • Marketing preferences: Where relevant, including whether you have requested not to receive marketing information.
  • Website usage, including Cookies: See section below for details.
  • Other information: that we capture during recordings of our in-bound and out-bound telephone calls, or if you make a complaint. This may include special categories of information you volunteer when communicating with us (we will not further process these without your explicit consent).

Before we provide services or financing to you, we may undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you. We use external sources to supplement and verify the information above, and also to provide the following new information:

  • Credit and anti-fraud data: Credit history, credit score, sanctions and criminal offences, bankruptcy orders, individual voluntary arrangements (IVAs) or county court judgements, and information received from various anti-fraud databases. Some of this information (e.g. criminal offences) may include special categories of information relating to you.
  • Demographic data: Lifestyle indicators such as income, education, and size of your household.
  • Open source data: Other information about you which is publicly available.

The external sources that provide us with information about you include:

  • The applicant.
  • Other third parties involved in the loans application process such as Claims Management companies and solicitors.
  • Credit reference agencies.
  • Financial crime detection agencies and lending industry financial crime databases (such as for fraud prevention and checking against international sanctions) including Cifas.
  • Government agencies and regulators.
  • Publicly available sources (e.g. the electoral roll, court judgments, insolvency registers, internet search engines, news articles) and sources licenced under the Open Government Licence.

What will we use your personal information for?

We may process your personal information for a number of different purposes. We must have a legal ground for each purpose, and we will rely on the following grounds:

  • We need your personal information because it is necessary to enter into or perform a contract.
  • We have a legitimate interest to use your personal information (e.g. to keep a record of the decisions we make when different types of applications are made, keep business records, carry out strategic business analysis, review our business planning and/or develop and improve our products and services). When using your personal information in this way, we will always consider your rights and interests.
  • We have a legal or regulatory obligation to use your personal information (e.g. to meet record-keeping requirements of our regulators).

For special categories of information, we must have an additional legal ground for processing. We will rely on the following:

  • You give us explicit consent to use this type of information.
  • It is in the substantial public interest and it is necessary: to prevent and detect an unlawful act (e.g. fraud).
  • To establish, exercise or defend legal claims (e.g. legal proceedings are being brought against us or we want to bring a legal claim ourselves).

Who will we share your personal information with?

On occasion, we may share personal information with the following third parties:

  • Credit reference agencies.
  • Providers of demographic data.
  • Financial crime detection agencies and loans industry financial crime databases (such as for fraud prevention and checking against international sanctions) including Cifas, the National Fraud Database.
  • Government agencies and bodies such as HMRC, Department for Work & Pensions, or regulators (e.g. Financial Conduct Authority).
  • Other third parties involved in the loan application process.
  • Third party suppliers we appoint to help us carry out our everyday business activities including IT suppliers, subcontractors, and any outsourced service centre providers.
  • The police and other crime prevention and detection agencies. We and fraud prevention agencies may enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
  • Selected third parties in connection with any sale, transfer or disposal of our business.
  • To our professional advisers in order to enforce or apply the terms of use and other agreements you have with us.
  • To an insurer (including insurers in connection with insured products and services) or insurers for administration.
  • To claims handling partners or any broker or introducer of an agreement with us.
  • To any guarantor.
  • To any funder in order to enable funders to assess the value of our assets.
  • If we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes.
  • With your consent, to third party affiliates who may wish to offer you products and services which may be of interest to you.
  • If we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third-party buyer.

Any third parties will be subject to confidentiality requirements and they will only use your personal data as described in this Privacy Notice.

We may also share your personal data outside of Sandfield Capital Limited to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation including but not limited to disclosures made to Credit agencies and Companies House; and to establish, exercise or defend our legal rights.

Information Shared with Credit Reference Agencies

We will perform initial “soft search” credit checks through one or more Credit Reference Agencies for initial enquiries to help establish suitability and Approval in Principle.

For cases where we are assessing a loan application that will be funded by us, a full credit assessment may be made with one or more Credit Reference Agencies.

In the cases where credit referencing is undertaken the following will apply;

  • A customer’s loan application may be registered on the customer’s credit report under the name Sandfield Capital . Should customers require more information on any Credit Reference Agency we work with they can visit the relevant CRA website. We may undertake a search with at least one of the aforementioned agencies when customers apply for credit thereby reviewing a customer’s credit record as well as anyone financially associated with the customer. The agency will keep a record of this search and may place a "footprint" on the customer’s file, whether or not the application proceeds.
  • Information we and other organisations provide to the CRAs may be used by us and them to;
    • help make decisions when checking applications, managing credit related accounts and facilities, recovering debt, checking on insurance claims, checking job applicants.
    • detect and prevent money laundering, crime and fraud.
    • verify identity.
    • trace customer’s whereabouts.
    • undertake research, statistical analysis and system testing.

Any third parties will be subject to confidentiality requirements and they will only use your personal data as described in this Privacy Notice.

We may also share your personal data outside of Sandfield Capital Limited to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation including but not limited to disclosures made to Credit agencies and Companies House; and to establish, exercise or defend our legal rights.

Information shared with Cifas

Before we provide services, goods or financing to customers, we may undertake checks for the purposes of preventing fraud and money laundering, and to verify identity. These checks require us to process personal data about our customers.

The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details and device identifiers including IP address.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested. Cifas has published its assessment of the legitimate interests in relation to the National Fraud Database.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to "international frameworks" intended to enable secure data sharing. Cifas has published more information about data transfers.

Suppliers And Partners

What personal information we may collect and where will we collect it from?

In order to work effectively with you and for ongoing due diligence purposes, we will need to collect some personal information from you which may include:

  • Individual details: Your name, address, contact details (e.g. email / telephone).
  • Employment information: Your job title and the nature of the industry you work in (including potentially previous roles).
  • Identification details: Items to verify your identity, residency, address, driving licence details. All of this information will be obtained from you, but can contain special categories of information (e.g. a driving licence may show details of any motoring convictions).
  • Criminal convictions: Which are unspent under the Rehabilitation of Offenders Act. This includes both motoring and non-motoring offences / alleged offences which you have committed, or any court sentences which you are subject to. All of this information will be obtained from you, but may contain special categories of information.
  • Other information: That we capture during recordings of our telephone calls, or if you make a complaint. This may include special categories of information you volunteer when communicating with us (we will not further process these without your explicit consent).

We use external sources to supplement and verify information the information above, and also to provide the following new information:

  • Credit and anti-fraud data: Credit history, credit score, sanctions and criminal offences, bankruptcy orders, individual voluntary arrangements or county court judgements, and information received from various anti-fraud databases. Some of this information (e.g. criminal offences) may include special categories of information relating to you.
  • Open source data: unstructured data which is in the public domain, including social media, about you or your company, as part of our due diligence checks.

The external sources that provide us with information about you include:

  • Publicly available sources such as the electoral roll, court judgments, insolvency registers, internet search engines, news articles and social media sites.
  • Financial crime detection agencies and lending industry databases (such as for fraud prevention and checking against international sanctions).

What will we use your personal information for?

We may process your personal information for a number of different purposes. We must have a legal ground for each purpose, and we will rely on the following grounds:

  • We need to use your personal information because it is necessary to enter into or perform the contract that we hold with you (e.g. we may need certain information in order to operate our business partnership arrangement).
  • We have a legitimate interest to use your personal information such as maintaining our business records, keeping records of loan agreements and business entities we interact with, and analysing and improving our business model and services. When using your personal information in this way, we have considered your rights and ensured that our business need does not cause you harm.
  • We have a legal or regulatory obligation to use such personal information (e.g. we may be required to carry out certain background checks).

For special categories of information, we must have an additional legal ground for processing. We will rely on the following:

  • You have given us your explicit consent to our use of your special categories of information.
  • We need to use your special categories of information< for purposes relating to managing our business relationship with you there is a substantial public interest in such use. Such purposes include preventing and detecting fraud.
  • To establish, exercise or defend legal rights (e.g. legal proceedings are being brought against us or we want to bring a legal claim ourselves).

Use of Our Website

What personal information we may collect and where will we collect it from?

We may use various software including cookies and tags to improve your digital journey and to identify and prevent fraud. We collect and store information about how you access and use our website (including the website you visited before coming to our websites). We automatically receive the IP address of your computer, mobile device, or the proxy server you use to access the Internet and this may include information to identify your browser or device to analyse web traffic.

Fraud prevention cookies collect information about certain features of your device, such as your IP address, device type, browser type, screen resolution and operating system. This is to prevent and detect devices associated with fraudulent or other malicious activity and allows us to authenticate your account.

What will we use your personal information for?

We may process your personal information for a number of different purposes. We must have a legal ground for each purpose, and we will rely on the following ground:

  • We have a legitimate interest to use your personal information such as maintaining our business records, monitoring usage of our website and marketing our services and improving our business model and services. When using your personal information in this way, we have considered your rights and ensured that our business need does not cause you harm.

What is our approach to sending your personal data abroad?

Sometimes we may transfer personal information that we collect about you to countries outside of the European Economic Area (“EEA”).

Where a transfer occurs we will take steps to ensure that your personal information is protected. We will do this using a number of different methods including:

  • Some countries have been deemed by the UK to have adequate privacy legislation and are then deemed to be equivalent to processing within the UK.
  • Putting in place appropriate contracts. We will use a set of contract wording known as the “standard contractual clauses” which has been approved by the data protection authorities.
  • Transferring personal data only to those companies in the United States who are certified under the “Privacy Shield”. The Privacy Shield is a scheme under which companies certify that they provide an adequate level of data protection.

Marketing

We take privacy very seriously and will only use your personal information for the purposes laid out in this Privacy Notice. When you have made an application or taken a loan from us, we can contact you about similar products and services unless you have opted out. We will contact you about marketing – for example, to offer other services or to ask if you want to take part in a competition we might run.

You are free to object to receiving any marketing material and can edit your marketing preferences at any time. To opt out of marketing communications please click “unsubscribe” on any marketing message we send you or call in to change your preferences.

Please be aware that we have a legitimate interest to be able to contact you to discuss how your loan is being administered. This form of contact falls outside of your marketing preferences and must continue in order for us to be able to provide you with a loan effectively. This will never include marketing material and all information will be strictly related to your loan.

How long do we keep your personal information for?

We will keep your personal information for as long as reasonably necessary to fulfil the purposes set out in section 3 above and to comply with our legal and regulatory obligations. We have a detailed retention policy in place which governs how long we will hold different types of information for. The exact time period will depend on the purpose for which we collect that information, for example:

  • Loan Information and data: 6 years after a loan is settled and no further action on the account is required. For applications that are not completed we will keep information for 12 months.
  • Complaints: 6 years after the complaint has been closed.

Please note that in the circumstances of the prevention or detection of crime and the apprehension or prosecution of offenders Sandfield and agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to 6 years.

Automated processing

If a human is involved in the decision at any point then it is not considered an automated decision. Where we have to make a decision about your loan and as part of the agreement decision process we may make decisions using automated processing. The process considers the information that you provide us as well as information from other sources to determine whether your application for a loan can be accepted and the rate of interest charged.

The automated decisions include:

  • The creation of pricing models and risk acceptance criteria.
  • The application of the pricing and risk models using data we hold about you, to accept or decline your request for a loan and to calculate the rate of interest applied.
  • Assessing the risk of fraud being committed on your account.

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.

How we protect your information

The protection of your personal data is important to us. We take a number of technical and procedural measures to protect personal data. For example:

  • Where we capture your personal information through our website, we will do this over a secure link using recognised industry standard technology (SSL) which encrypts data that is transmitted over the internet. Most browsers will indicate this by displaying a padlock symbol on the screen.
  • We prevent unauthorised electronic access to servers by use of suitable firewalls and network security measures. We use strong internal antivirus and malware monitoring tools and conduct regular vulnerability scans to protect our internal infrastructure and also to protect communications we may send you electronically. Our servers are located in secure datacentres that are operated to recognised industry standard. Only authorised people are allowed entry and this is only in certain situations.
  • We ensure that only authorised persons within our business have access to your data and conduct regular checks to validate that only the correct people have access. We promote responsible access to data and segregate who can see what data within Sandfield Capital.
  • Internally in our organisation, we have password policies in place which ensure passwords are strong and complex and are changed regularly.
  • We use secure email exchange where necessary for sensitive data and have monitoring on all email we send and receive.
  • We schedule periodic checks of all security measures to ensure they continue to be efficient and effective, taking into account technological developments.

Your rights

Under data protection law you have a number of rights in relation to the personal information that we hold about you. You can exercise these rights by contacting us. We will not usually charge you in relation to a request.

The right to access your personal information

You are entitled to a copy of the personal information we hold about you and certain details of how we use it. We will usually provide your personal information to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal information will be provided to you by electronic means where possible.

The right to rectification

We take reasonable steps to ensure that the information we hold about you is accurate and where necessary up to date and complete. If you believe that there are any inaccuracies, discrepancies or gaps in the information we hold about you, you can contact us and ask us to update or amend it.

The right to erasure

This is sometimes known as the ‘right to be forgotten’. It entitles you, in certain circumstances, to request deletion of your personal information. For example, where we no longer need your personal information for the original purpose we collected it for or where you have exercised your right to withdraw consent. Whilst we will assess every request, there are other factors that will need to be taken into consideration. For example we may be unable to erase your information as you have requested because we have a regulatory obligation to keep it.

The right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.

The right to data portability

In certain circumstances, you can request that we transfer personal information that you have provided to us to a third party.

The right to object to marketing

You have control over the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time. You can do this either by clicking on the “unsubscribe” button in any email that we send to you or by contacting us. Please note that even if you exercise this right because you do not want to receive marketing messages, we may still send you service related communications where necessary.

The right to object to processing

In addition to the right to object to marketing, in certain circumstances you will also have the right to object to us processing your personal information. This will be when we are relying on there being a legitimate interest to process your personal information. Please note, in some circumstances we will not be able to cease processing your information, but we will let you know if this is the case.

Rights relating to automated decisions

If you have been subject to an automated decision and do not agree with the outcome, you can ask us to review it.

The right to withdraw consent

Where we rely on your consent in order to process your personal information, you have the right to withdraw such consent to further use of your personal information. Please note that for some purposes, we need your consent in order to manage your loan. We will advise you of any issues this may cause at the point you seek to withdraw your consent.

The right to lodge a complaint with the ICO

You have a right to complain to the Information Commissioner’s Office if you believe that any use of your personal information by us is in breach of applicable data protection laws and / or regulations. More information can be found on the Information Commissioner’s Office website: www.ico.org.uk. This will not affect any other legal rights or remedies that you have.

Please note, there may be some circumstances where we cannot comply with your request such as where complying with it would mean that we couldn’t comply with our own legal or regulatory requirements. In these instances we will let you know why we cannot comply with your request.

Automated processing

You may contact our Data Protection Officer if you would like to exercise the rights set out above, or if you have any questions about how we collect, store or use your personal information, Write to:

‘The Data Protection Team’ at Sandfield Capital Limited, C/O O'Connors, The Plaza, 100 Old Hall Street, Liverpool, England, L3 9QJ

or

Email: enquiries@sandfieldcapital.com

Updates to this Privacy Notice

We may need to make changes to this Privacy Notice periodically, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally or where we identify new sources and uses of personal information (provided such use is compatible with the purposes for which the personal information was original collected). The Data Protection Officer will ensure that this document is updated regularly or as legislation requires.


Sandfield Capital Limited is registered in England and Wales with registration number 1136768 and its registered office is C/O O'Connors, The Plaza, 100 Old Hall Street, Liverpool, England, L3 9QJ
Sandfield Capital Limited is authorised and regulated by the Financial Conduct Authority under Firm Reference Number 805416.