Privacy Policy
1. About Us
We are HS Credit (Birmingham) Ltd (“HS Credit”, “we”, “us”, “our”), a company incorporated in England and Wales with registration number 11233817 and registered office address at C/O Tmf Group 8th Floor, 20 Farringdon Street, London, United Kingdom, EC4A 4AB.
We are committed to keeping your personal data safe and secure and handling it in accordance with our legal obligations. This privacy notice sets out how and why HS Credit uses your personal data, who we share it with, what rights you have in relation to that data and everything else we think it’s important for you to know.
From time to time, and in particular when you provide us with additional personal information or add additional products, we may also provide you with additional service specific information about the use of your personal data which should be read alongside this notice.
2. When does this privacy notice apply?
This privacy notice applies whenever we collect and process “personal data” in connection with offering and administering loans. Much of the information that we collect in connection with our lending services relates to the borrower itself. Where the borrower is a company, a limited liability partnership or a trust, information about the business itself will not constitute “personal data”. However, where the business is a sole trader or
unlimited partnership, any information about that business is considered to be “personal data”. We also collect information about certain individuals who are connected to the borrower or the application and information about these individuals will constitute “personal data”.
This privacy notice therefore applies to:
- loan applicants/borrowers, where they are sole traders or unlimited partnerships; and
- other individuals whose personal details are provided to us in connection with the application or the loan, such as:
– directors;
– shareholders;
– authorised signatories;
– guarantors; and
– people who are financially linked to the borrower or any of the individuals above.
Where we say “you”, “your” etc. in this privacy notice, this means any of the persons above.
3. Who is in control of your personal data?
We are the “controller” of the personal data that we collect and use about you in accordance with this privacy notice. This means that we are responsible for deciding how and why your personal data is used and for ensuring that your data is handled legally and safely.
4. What personal data do we collect from you and how do we collect it?
We collect the following information when an application for a loan is made:
- Details about the borrower, such as:
– business name;
– registered number;
– registered address;
– business bank account details;
– details of your business’s financial position;
– details of existing loans;
– details of tax returns;
– assets and liabilities; and
– details of any reorganisations; - Details about shareholders, including names, telephone numbers and email addresses;
- Details about authorised signatories, including names, addresses, telephone numbers, email addresses, proof of address and identity documents such as passports;
- Details about guarantors, such as names (including previous names, if applicable), dates of birth, nationality, passport number, residency information, marital status, number of dependents, address, residential status, telephone numbers, email addresses, employment status, job title, salary (and other income), employer’s address or details of self-employment if applicable, information about repossessions, bankruptcy, outstanding taxes and claims and information about assets and liabilities.
- Details about other individuals who you have a financial link with. This may include people who you have joint accounts or policies with such as your partner/spouse, dependents, beneficiaries, guarantors or people you have commercial links to, for example beneficial owners, directors, shareholders, employees and officers of your company.
The information above is collected from the person who completes the loan application form. If you are completing information about someone else in the application form, you must provide that person with a copy of this privacy notice and ensure that they understand how we will use their personal data.
We also collect information on an ongoing basis, such as information about how you use our products and services, how you manage your loan (e.g. information about loan repayments and any arrears), account balance and any other information you share when contacting us with queries and comments.
We receive data from other sources, such as credit reference agencies (“CRAs”) and fraud prevention agencies, when we perform credit checks in order to process your loan application. Please see paragraph 6 below for more information about this.
If you have been introduced to us through a broker or intermediary, some of the information we hold about you (such as your name and contact details) will have been collected from that broker or intermediary.
We also collect data from publicly available sources such as online searches and Companies House. We use this data to inform our lending decisions, to the extent that such publicly available information is relevant and material to your creditworthiness.
5. What do we use your data for?
We process your personal data for a number of different purposes. Under data protection law, we can only process personal data if we have a “legal basis” to do so. We have to tell you the “legal basis” that we rely on in order to process your personal data.
The purposes for which we process your personal data, and the relevant legal bases, are set out in the table below:
6. How do we use credit reference and fraud prevention agencies?
We will search at CRAs for information on all loan applicants in order to process your application and assess your creditworthiness, verify your identity and prevent and detect criminal activity. To do this, we will provide information about you to the CRAs and they will provide us with information about you. This information includes information about the identity and contact details of the applicant, other information from the application, information about the applicant’s and any guarantors’ or other individuals’ financial situation and financial history, credit details, fraud prevention information and credit score.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time, information on funds going into the account, the balance on the account and, if you borrow, details of your repayments or
whether you repaid on time. We will also share information with CRAs if you give us false information and we identify fraudulent behaviour. CRAs will share your information with other organisations, for example other organisations that you ask to provide you with products and services.
Your data will also be linked to the data of any joint applicants or other financial associates as explained above. You can find out more about the identities of the CRAs, and the ways in which they use and share personal information at: www.experian.co.uk/crain/index.html, www.transunion.co.uk/crain and www.equifax.co.uk/crain.
We will also share information about you and anyone you have a financial link with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment.
7. Do we make any wholly automated decisions?
We do not make any significant decisions about you on the basis of solely automated processing. Whilst we do conduct credit checks, as set out above, the results of your credit check are not the only factor in our lending decisions.
8. Who do we share your data with?
As well as CRAs and fraud prevention agencies, we may also share your data with other third parties, including:
- companies within our group to enable our parent entities to exercise oversight of our business. In particular, we share personal data with our parent company in Malaysia, and that company’s parent company in Hong Kong, to support our underwriting decisions. Please see paragraph 9 below for further information about our transfers of personal data outside the EEA;
- debt collection agencies and tracing agents if we need to recover any debt owed to us;
- regulatory bodies and law enforcement agencies where we are required to do so for the purposes of exercising our rights or your rights and where we are compelled to do so by the relevant bodies;
- professional advisors acting for us, including lawyers, valuers, accountants and auditors;
- brokers and intermediaries if you have been introduced to us via a third party;
- market research organisations who we engage to conduct research to enable us to develop and improve our products and services;
- any other individuals who are relevant to the loan or have provided security, such as authorised signatories, shareholders and guarantors;
- any purchaser or potential purchaser of any part of our business or of the loan;
any entity that provides funding to us; and - any third party suppliers that provide us with services to support our business, such as hosting providers, software providers, IT support and maintenance providers, document storage and management services, receivers and repossession/recoveries agents.
9. Where is your data processed?
We will only send your data outside of the European Economic Area (“EEA”) (including, for the purposes of this privacy notice, the UK) in the following circumstance:
- to follow your instructions;
- to comply with a legal duty;
- to work with our suppliers, agents and advisers who we use to help run your accounts and services; or
- as set out above, to companies within our group who are based outside the UK and the EEA, including our group companies in Malaysia and Hong Kong to support our underwriting decisions. We have “standard contractual clauses” in place with those group companies to ensure that appropriate safeguards are in place to protect your personal data. “Standard contractual clauses” are sets of clauses that are approved by the European Commission as providing adequate protection for personal data. They require recipients of your personal data to treat your data with the same level of protection as we provide.
If we transfer personal data to suppliers outside the EEA, we ensure that either standard contractual clauses are in place or that another equivalent mechanism of protecting your personal data (such as the US “Privacy Shield” arrangement) is in place.
10. How long do we keep your personal data for?
We will keep your information for a maximum of six years from either the end of our business relationship with you or the date your application is declined.
11. What are your rights over your personal data?
You have a number of rights in relation to your personal data. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of identity before we can respond to any request to exercise the rights in this section and we may need to ask you for more information to help us locate the personal data your request relates to.
We will respond to any requests as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case, we will let you know as soon as we can and explain why we need longer to respond.
To exercise any of these rights, please contact us using the details in paragraph 13 below.
The rights you have are as follows:
- a right to ask us to send you a copy of all the personal data we hold about you (subject to some exceptions);
- a right to ask us to send certain personal data (only where we process this for the purposes of fulfilling a contract with you as an individual, sole trader or unincorporated partnership) in a common electronic format and to ask us to transfer that data to a third party if technically feasible;
- a right to object to us processing any personal data that we process on the basis of our legitimate interests (as set out above). If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so;
- a right to ask us not to send you marketing materials. You can do this by changing your account settings or clicking the “unsubscribe” link in marketing emails;
- a right to have inaccurate data corrected if we are satisfied that the new data you have provided is accurate;
- a right to ask us to delete your personal data in certain circumstances, for example if we have processed your personal data unlawfully or if we no longer need the personal data for the purposes set out in this privacy notice;
- a right to have processing of your personal data restricted in certain circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the personal data but you require us to keep it so that you can exercise your own legal rights. Restricting your personal data means that we only store it and don’t carry out any further processing on it unless you consent or we need to process the personal data to exercise a legal claim or protect a third party or the public;
- a right to ask us to explain the logic behind any wholly automated decision-making that has legal or significant effects on you and to request that a human reviews the decision.
12. Complaints
If you are unhappy with how we have processed your personal data, please contact our DPO in the first instance using the contact details in paragraph 13 below so that we can resolve your complaint. If you are still dissatisfied, you have the right to complain to the Information Commissioner’s Office which is the UK data protection regulator.
For more information, please see www.ico.org.uk.
13. Contact us
If you have any questions about this privacy notice or our processing of your personal data, or would like to exercise any of your rights or make a complaint, please contact our DPO using the following details:
Email address: enquiries@hapsengcredit.co.uk
Postal address: HS Credit, 7-8 Brighton Road, Stockport, Cheshire SK4 2BE