John Grant Limited – Data Protection (GDPR) (Privacy) Policy
Personal data is any information relating to an identified or identifiable living person. John Grant Limited processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this statement.
WHAT INFORMATION DO WE GATHER?
To be able to provide you with the best service possible, we will need to gather certain personal information from you when you contact or interact with us. We will also use this information for security, identification and verification purposes.
We will only ever collect information that helps us provide our services to you. We will keep your information for as long as is needed and only for the following purposes:
When you make an enquiry with us about any of the services we offer, we’ll ask you to provide some contact information. This may include some or all of the following:
If you give personal information about someone else (such as a joint applicant), you must have their permission to do so.
Once we have gathered information from you and you subsequently make contact with us, we will use specific pieces of your information to help us identify you and verify that we are dealing with the right person.
Where we offer other products such as insurance, we will need to collect and process information that is “sensitive”. This type of information includes details about your health and any criminal convictions you have. Before we gather this type of information we will explain to you why it is required and will always store this information securely.
Throughout your relationship with us, we will hold your personal information securely in our systems. This will include any information provided by you or others (for example, if you’re making a joint application) in various ways, including (but not limited to):
If there is a change to any of your personal information and you notify us, we will update your records in our systems. Where we have introduced you to another organisation, we are unable to update your details with them and you will need to contact them personally to notify them of these changes.
If someone gives information about you – or you give us details about someone else – we may add it to the personal information we already hold about you or them. This will only be used in the ways we describe in this privacy notice.
When arranging a mortgage or insurance for you, we will need to ask you for your direct debit details to pass onto the lender or insurance provider so it can collect payments. Where we charge a fee for arranging a mortgage, or the mortgage we are arranging carries a cost – for example, a valuation fee – we will need to ask you for payment information such as your debit card or credit card details.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use your personal information in various ways.
We will use it to confirm that you are who you say you are when you contact us. We will use it to verify your name and address by checking your details against our databases and to check against information held by credit reference agencies and the electoral roll. We will also use the personal information we gather from you to formulate our advice and recommendations for the services we offer and to submit applications to lenders and product providers.
Before we submit any transaction to a lender or product provider, the law requires us to have verified your identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone’s identity is an important way of fighting money laundering and other criminal activities. We will therefore also ask you to provide us with documents that confirm your identity.
The law requires us to comply with a number of regulations. Where necessary, we use your personal data to allow us to fulfil our legal and regulatory requirements.
We will only share personal information with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards. We use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with these third parties:
Your personal data may be transferred to these authorised parties:
Third party organisations that provide IT services and applications, administrative functions and support.
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
Auditors and other professional advisers.
We engage auditors and professional advisers to perform specific work that helps us meet our legal, regulatory and statutory responsibilities. Any auditors or professional advisers that we use will have contractual arrangements and security mechanisms in place to protect data and to comply with our data protection, confidentiality and security standards
Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
We perform anti-fraud, credit and security checks using your details and receive information about you from other sources (such as credit reference agencies) which will be added to the personal information which we already hold about you.
We may use your information for fraud investigation, detection and prevention measures. We may also use your information for the investigation, detection and prevention of crime (other than fraud).
Sometimes we may pass your information on to third parties who provide services to us. When we do this it is on the understanding that they care for your information as carefully as we do, keep it confidential and use it only for the agreed purposes above.
What is the legal basis for handling personal information?
We rely upon this basis because you will provide us with your personal data as you want to use our services. This means that our use of your information is governed by contract terms. It is your choice to give us this information, however if you choose not to provide it, we may not be able to offer some or all of the services you require.
We require this information in order to understand your needs and provide you with a better service and in particular for the following reasons:
Legitimate interest –
We rely on this basis for processing personal data for the following benefits:
Under Data Protection Regulations individuals have a number of rights. These include:
We will not charge for initial requests to provide information but may charge a fee if requests for further copies of the same information are made. We will provide the requested information to you within 1 month of receiving your request, unless the request is complex or numerous in which case we may extend this period by up to a further 2 months.
Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to provide the information requested or refuse to respond. In these instances we will inform you and explain our reason.
Before complying with any request we will take steps to verify the identity of the person making the request.
We are regulated by the FCA and are required to retain records that demonstrate the advice we provide to our customers. These records contain personal information and data that enables us to formulate our advice. We will not remove or delete any personal information or data until such time as our regulatory obligation has been fulfilled in respect of each transaction or piece of advice.
Automated decision making
Sometimes it is necessary for us to approach a lender to obtain an initial decision for a mortgage (DIP or AIP). To obtain a DIP we may process your personal information through a lender's automated decision making system which will provide an initial lending decision based on logic/algorithms programmed into it. We will always gain your consent before completing a DIP. Whilst we don’t set or determine the logic/algorithms used in the automated decision system we can put you in touch with the respective lender should you require it.
To exercise any of your rights you can contact us as detailed below:
Data Protection Officer
John Grant Limited
7 High Street
Call: 028 91 828 100
We take privacy and your personal information very seriously. If you ever feel you need to complain about how we have handled your personal information and data you can also contact us at the above address.
If your complaint is about the administration or terms and conditions of a product sold by us but provided by a lender/insurer you may need to contact them about it. If needed we will forward details of your complaint to the party concerned as well as giving them your contact details.
If you’re still unhappy with any aspect of how we handle your personal information, you also have the right to contact the Information Commissioners Office (ICO). The ICO is the UK’s independent body set up to uphold information rights. You can contact it as follows:
In writing: Information Commissioners Office
Call: 0303 123 1113
How do we keep your personal information secure?
At John Grant Limited we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your private data from being accessed, used or disclosed in any way it shouldn’t be. The security arrangements we’ve put in place include physical, organisational and technological measures and controls.
We regularly review our policies and procedures to make sure they remain relevant.
How long do we keep your personal information for?
We’ll keep your personal information securely stored for as long as we need it to provide you with the services you want from us. We also keep it to comply with our legal and regulatory obligations and to help us resolve and issues or disputes that may arise.
Depending on what information we hold and what products or services you are signed up to we may need to retain certain details for longer than others. In every case we regularly reassess whether we need to hold your personal information and securely dispose of any information that we no longer need.