YOU HAVE A RIGHT TO KNOW HOW WE WILL USE YOUR PERSONAL DATA
We are committed to ensuring the security of your personal data.
Data Protection Laws place obligations on us to process your information fairly and lawfully and to keep it secure. For the purposes of Data Protection Laws, the controller of your personal data is Chordis Capital Limited who is registered with the Information Commissioners Office (ICO) under registration reference ZA819285. We review our registration status periodically to ensure it accurately reflects the information we collect and how we use it.
What is “Personal Data”?
Personal data broadly means information that relates to an identified or identifiable living individual (“identifiable” refers to being able to identify the living individual directly from the information held or when the information held is combined with other information).
How Will We Comply With Data Protection Laws?
Contract: Where you are an existing customer we will process your personal data to the extent required for us to provide you with services related to products that you have purchased from us in accordance with its terms (for example existing customers can make a payment, request information in respect of how to obtain additional finance or how to obtain a redemption figure). Additionally, if you are not an existing customer but you have requested further information about one of our products or services, we will use your personal data to provide you with such requested information.
Legal obligation: Where there is a legal requirement upon us to record, retain or share your personal data with authorities, we must do so.
Consent: Where you have provided your consent, we also rely on your consent to use your personal data in certain ways (for example, you may provide us with your consent to market our products and services to you via a particular delivery channel).
Special Category and criminal offence data: We do not collect information classified as special category data, such as relating to health, racial or ethnic origin, religious beliefs etc or criminal offence data unless it is lawful to collect such information, any separate conditions for processing this data as set out under Data Protection regulations have been met and the data is necessary to fulfil a transaction (for example data relating to health will allow us to comply with the Equalities Act 2010 and make reasonable adjustments for you if required).
The type of personal data we will collect about you via the Website
The Website provides users who are interested in our products/services with an opportunity to submit online enquiries to us. The personal data that you may provide to us through the Website is set out below:
- your name; your contact details (including postal address, email address and phone number); your account number (when you are an existing customer and you contact us via the Website about your existing loan/mortgage, for example to request that we contact you with a redemption figure);
- any personal data you choose to include when typing additional comments in free text boxes (such as ‘tell us a little bit more about your enquiry’);
- any personal data you may include when submitting a complaint online;
- your debit/credit card details (only when you choose to make a loan or mortgage payment online through the Website); and
- we may automatically collect technical information (including IP address, device details and your login information) and information about each visit you make to the Website (such as page response times and length of visit).
How we use credit reference and fraud prevention agencies
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail from each of the three CRAs – clicking on any of these three links will take you to the same CRAIN document: Transunion (formerly Callcredit) [www.transunion.co.uk/crain]; Equifax [www.equifax.co.uk/crain]; Experian [www.experian.co.uk/crain].
How we handle your personal data
We will observe the rights granted to you under applicable Data Protection Laws and will ensure that queries relating to privacy issues are dealt with promptly and in a transparent manner. See below for details about how to contact us and how to exercise your right to obtain copies of your personal data from us under Data Protection Laws.
We will only collect and process your personal data where we have lawful grounds to do so.
We will update our records if you inform us that your details have changed. Please tell us (see contact details below) as soon as possible about this. We will update our records promptly once we are satisfied that the new information (such as your new address or contact detail) is accurate.
How we will use the personal data we collect about you
We will store and process your personal data on our computers. Please see the Data Security header below for details about how we keep your personal data secure, in line with our obligations under Data Protection Laws.
We will use your personal data collected (including from any third parties, where relevant and lawful) to:
- contact you about our products/services (in response to your request for this contact which you have made via our Website);
- provide our products/services to you if you decide to go ahead and obtain them (but please note as explained above that supplemental privacy information, notices and/or statements will also be relevant to that processing);
- manage and contact you about any products or services that we provide to you (and in doing so enter your details into our customer relationship management tool, which is hosted by Microsoft);
- contact you in respect of any complaints that you submit;
- process payments you choose to make if you make a payment to us relating to your loan/mortgage via the Website;
- comply with our legal obligations; and
- in an anonymised form, identify patterns which we can use to help us develop, administer, support and improve our services.
Please note that our services / products may be available via other websites (e.g. broker or intermediary websites) and we may link to other websites through the Website. We are not in control of these websites. Their use of your personal data is governed by their privacy policies.
We therefore recommend that you check the policy of each website that you visit and make sure that you are comfortable with the terms of such policies before providing any personal data.
Who do we pass your data to?
We may use third parties to provide services on our behalf which may include processing (but not using themselves for their own purposes) your personal data and this means we will disclose your personal data to them.
We will provide your personal data to the following categories of third parties:
Companies that provide data hosting and website management services and Microsoft; and companies that provide website analytics services and /or help us to make advertising messages more relevant to you such as Google Analytics, Bing, AppNexus and/ or Response Tap (please see our Cookies Policy for further information).
In each case, we will, in accordance with our obligations under Data Protection Laws, put in place appropriate written protections for your personal data.
In addition to the disclosures described above, we may disclose your personal data to:
- our auditors, solicitors and professional advisors;
- Associated companies of Chordis Capital where we believe they can contribute to a competitive bespoke financial solution. Any approach we make to an associated company will be with your knowledge or on a no-names basis;
- Fraud Prevention / Money Laundering Agencies for fraud and money laundering prevention purposes and to verify your identity and address;
- Credit Reference Agencies as part of our underwriting process;
- anybody having a legal right to your personal data, including the police and any other legal and regulatory authorities and government bodies;
- to any third party who acquires all, or substantially all, of the assets or shares in Chordis Capital Limited, any of our corporate group, and/or the Website, whether by sale, merger, acquisition or otherwise; and
How long we keep your personal data
We take steps with a view to permanently deleting, destroying or anonymising your personal data (which means that we are no longer able to identify you from it) when it is no longer necessary for its purpose and we are not required by law to keep it.
How long we keep your personal data depends upon the purpose for which your personal data was collected was provided. Generally however:
- we will keep the information no longer than is necessary to enable us to provide you with a service that you have requested for as long as it takes us to provide that service (i.e. until that service or product has been provided to you and you have fulfilled your obligations in relation to that service or product). After that, we will only keep information about you if it is necessary for us to do so to comply with our legal obligations for example we have a legal obligation to retain information about your identity and residency for a period of time after you cease being a customer;
- we will keep your contact details for a reasonable period to use them for marketing purposes (but we will not retain these details indefinitely or if you have withdrawn your consent or exercised your right to object to such processing); and
- where you have provided your personal details in order to request more information about a product or service and you do not uptake that product or service we will delete your personal data after 18 months.
Will my personal data be transferred outside of the European Economic Area?
We currently do not intend to transfer your personal data to third parties and organisations who hold data outside of the European Economic Area (EEA). However, some third party suppliers or service providers may have back up or disaster recovery data centres that are located in multiple jurisdictions outside the EEA (for example, in the United States). This may mean that in certain limited circumstances personal data is transferred to countries which do not provide the same level of protection for personal data as the EEA.
Where your personal data is being transferred outside the EEA, we will ensure that appropriate safeguards are in place, such as the use of the EU Commission approved model contract clauses to protect your information in accordance with Data Protection Laws.
Your rights in relation to your records
You have a number of rights under Data Protection Laws in relation to the way we process your personal data. These are set out below. You may contact us using the details below to exercise any of these rights and we will respond to any request received from you within one month from the date of the request. Kindly note that some of these rights are not absolute rights and there may be a legitimate reason why we cannot process your request. The rationale behind this will be fully explained to you.
DESCRIPTION OF RIGHT
Individuals have the right to be informed about the collection and use of their personal data.
A right to access personal data held by us about you.
A right to require us to rectify any inaccurate personal data held by us about you.
A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent (if we are using your personal data based on your consent); or where you object to the way we process your data (in line with Right 6 below).
A right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.
A right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.
A right to object to our processing of your personal data (including for the purposes of sending marketing materials to you).
Rights related to automated decision making including profiling (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
If you would like to exercise the rights listed above, you can send a request:
By mail to: Customer Services, Chordis Capital, 9th floor, Corner Block, 2 Cornwall Street, Birmingham.
In accordance with our obligations under Data Protection Laws, to prevent unauthorised access to or disclosure of your personal data (including card payments), maintain data accuracy, and ensure the appropriate use of your personal data, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the personal data we collect online.
However, you acknowledge that, unfortunately, the transmission of information via the internet, including the online enquiry forms you submit to us is not completely secure. We cannot guarantee the security of your data transmitted to the Website: any transmission (i.e. your sending of the personal data to us) is at your own risk. Once we have received your personal data, we will use the steps detailed above to protect it.
You should be aware that there are inherent risks in transferring personal data over the Internet. For example, if you send us an e-mail from your private mailbox, we cannot guarantee the security of the content during its transmission to us. For that reason, please do not send to us an unsecured e-mail with confidential information such as your National Insurance or bank account numbers, or any sensitive personal data.
Customer feedback and complaints
If you are not happy with the way in which your personal data is held or processed by us, or if you are not satisfied with our handling of any request by you in relation to your rights or any automated profiling that we carry out, our Data Protection Officer would be happy to help. You can contact our Data Protection Officer at the Chordis address shown above.
Alternatively, you have the right to complain to the Information Commissioner’s Office (ICO) by calling 0303 123 1113. The ICO is the UK’s independent body set up to uphold information rights. You can find out more about the ICO on its website (www.ico.org.uk/).
This Website is operated by Chordis Capital Limited. References in this Cookies Policy to “we”, “us”, “our” and “ourselves” are references to Chordis Capital Limited. References to “you” or “your” are references to any person reading this Cookies Policy.
A description of the types of cookies used by the Website and how we use them can be found below. We may update this description from time to time. As mentioned, steps will be taken to draw this to the user’s attention and to collect appropriate new consents at that time, where necessary.
When users use the Website they will be using a browser and this means that they can control, block or restrict cookies through their browser settings. Information on how to do this can be found within the Help section of the browser used. All cookies are browser specific. Therefore, if you use multiple browsers or devices to access websites, you will need to manage your cookie preferences across all of these elements. In addition when you first visit our Website you will see a cookies consent banner or pop-up which draws your attention to the fact that cookies are used and which links through to this Cookies Policy.
There are also several online resources that can provide more information on cookies and how they can be controlled within a variety of different web browsers. Please visit either http://www.aboutcookies.org or http://www.allaboutcookies.org for more information.
If you use a mobile device to access the Website, you will need to refer to your instruction manual or other help/settings resource in order to find out how to control cookies on the particular device.
Please note: if you restrict or delete cookies, you may experience a loss of functionality while accessing the Website and you will be treated as a first time visitor the next time you visit the website.
The Website uses session cookies (which expire once a user closes their web browser), session cookies are analysed by Google Analytics and give us information about the time you spent on the Website, which parts of the Website you visited and any click-through you followed in the Website. The Website may also use persistent cookies (these remain on a user’s computer or other device when they close their web browser – until such time as they expire or the user deletes them).
We have grouped the cookies used by the Website into the following categories, to make it easier for you to understand why we use them:
Strictly Necessary: these cookies are strictly necessary for the Website to work properly and for us to keep it secure. They are needed to allow users to use the Website and its features, including to move between pages of the website.
Performance/Analytical: these cookies allow us to collect certain information about how a user navigates the Website. These cookies collect information that is used either in aggregate form to help us understand how our site is being used or how effective our marketing campaigns are, or to help us personalise our site for you.
Marketing: these cookies are used to make advertising messages more relevant to you. We may use this data to tailor the marketing and ads you see on our own and other third party websites and mobile apps, including social media.
You might notice that some cookies on the website are not related to us. This is because some of the pages on the Website contain embedded content from third party websites – such as video from YouTube, Twitter or LinkedIn for example. Because this content is from another website, we do not control the cookies which relate to this. If a user wants to change their cookie preferences to block these third party cookies, they should check the third party websites for information on how to manage their cookies.
We may also embed social sharing icons throughout the Website. These sharing options are designed to enable users to easily share the Website’s content with their friends using a variety of different social networks. These social sharing sites may set a cookie when a user is logged into their service. Please note that we do not control the dissemination of these cookies and users should consult the relevant third party website for information on how these cookies are used and how the user can control them.
Our Review of this Policy
Chordis Capital Limited keep this Policy under regular review. The Policy was last updated on 17th March 2021