Privacy Policy – Fiduciam

Introduction

This Privacy Policy (“Policy”) describes how Fiduciam Nominees Ltd., Fiduciam Services Ltd., and Fiduciam Ltd. (collectively “Fiduciam”) collect, store and use Personal Data and/or other Confidential Data including information about borrowers, guarantors, brokers, intermediaries, sub-contractors, investors, clients, contacts, suppliers, employees and job applicants. Where the aforementioned are legal entities, we may collect, store and use information about their directors, shareholders and other beneficial owners.

In this Policy, we use the terms:

“we”, “us”, and “our” (and other similar terms) to refer to either:

Fiduciam Nominees Limited,
Fiduciam Services Limited,
Fiduciam Limited.

Fiduciam Nominees Limited is registered under the Data Protection Act 1998 (Act) with the Information Commissioner’s Office under registration reference ZA155195.

Fiduciam Services Limited is registered under the Data Protection Act 1998 (Act) with the Information Commissioner’s Office under registration reference ZA264098.

Fiduciam Limited is registered under the Data Protection (Bailiwick of Guernsey) Law, 2001 with the Information Office of the Data Protection Commissioner under registration reference 50241.

“Agreement” refers to a written document which sets out the terms and conditions of the engagement of/with a specific Fiduciam entity and which describes the services to be provided and/or the terms of any such engagement, such as a facility agreement, platform agreement, personal guarantee, non-disclosure agreement, engagement letter, employment contract, etc. Such Agreement terms should be relied upon in determining liability for the services provided.

“you” and “your” (and other similar terms) refer to our borrowers, guarantors, brokers, intermediaries, sub-contractors, investors, clients, contacts, suppliers, funding partners, directors, shareholders and ultimate beneficial owners where the aforementioned are legal entities, employees, job applicants and website visitors.

“Personal Data” means any information relating to an identified or identifiable natural person.

“Confidential Data” means non-public information relating to legal entities, assets, financial instruments, investments, activities, Agreements and which does not constitute Personal Data.

This Policy is an important document. We recommend that you read it carefully and print and keep a copy for your future reference. When you instruct us, interact with us, or otherwise contact us, we will assume you agree to the uses of your Personal Data and Confidential Data described in this Policy according to the terms and conditions described herein.

Our Principles

We are aware of our obligations under the European General Data Protection Regulation, and shall always ensure that your Personal Data is processed in accordance with the following principles:

that Personal Data is processed lawfully and in a transparent manner;
that Personal Data will only be processed for the purposes for which it was collected;
that Personal Data we hold will be relevant and limited to the purpose for which they were processed;
that Personal Data will be processed accurately and where relevant be kept up to date;
that Personal Data will be kept no longer than is necessary (in our reasonable opinion); and
that Personal Data and Confidential Data shall be adequately secured and protected against loss, unauthorised access or processing, and destruction or damage.

Your rights

You are entitled to a number of rights in relation to the Personal Data that we hold about you. You have the following rights in respect of your Personal Data:

to obtain access to your Personal Data;
to request us to rectify, supplement and update your Personal Data;
to the right to obtain information about the existence and processing of your Personal Data and to be informed of the contents and origin;
to object to us processing your Personal Data unless we have legitimate reasons (other than use simply based on your consent) to process your Personal Data;
to request us to erase your Personal Data unless we hold your Personal Data for legitimate reasons (other than simply based on your consent);
to object to us transmitting your Personal Data to another data controller unless such transmission is for legitimate reasons;
not to be subject to a decision which is based solely on automated processing, including profiling which would have an adverse impact on your situation;
where you granted us consent to collect and process your Personal Data, to withdraw such consent at any time you wish;
to file a complaint with us and with the Information Commissioner’s Office which regulates the processing of personal data.

Please note that aforementioned rights are curtailed in following instances:

where your Personal Data are provided to us by a third-party data controller we may not be able to share them with you, rectify them and erase them, and in such circumstances we will refer you to such third-party data controller;
where we have a legitimate reason to hold your Personal Data, we cannot be obliged to stop processing and transmitting or to erase such Personal Data; and
where the exercise of any of the above rights would cause us to be in breach of the law or regulations (for instance in the case of anti-money laundering).

How long we will keep your Personal Data

We will hold your Personal Data for as long as the purpose exists increased by any minimum period as prescribed by law, regulations and regulatory guidance. As of the date of this Policy, this means that we will keep:

Personal Data relating to our anti-money laundering and other regulatory obligations for a period of 5 years after the cessation of the business relationship;
Personal Data relating to any mortgage or other interest in land for a period of 12 years after the end of that mortgage or interest or the cessation of any claim in relation to them (whichever is longer); and
Personal Data relating to any other contract for a period of 6 years after the end of the contract or the cessation of any claim in relation to it (whichever is longer).

Prior to erasing the Personal Data, we may ask your consent to hold the Personal Data for a longer period if you may wish to obtain loans from us in the future. Furthermore, we may hold Personal Data beyond the aforementioned time limits without your consent in case of a commercial dispute, ongoing litigation or investigation.

What Personal Data and other Confidential Data do we collect?

From our initial contact with you through to providing you with our services or working together in other ways, we may collect various data (including Personal Data) about you and/or the company on behalf of which you act. We may collect, store and use the following data:

Information you provide us with. You may give us information about you by filling in forms or by corresponding with us by phone, e-mail, over the internet, during meetings or otherwise. This also includes information you provide when you register with us. The information you give us may include your name, address, e-mail address, phone number, date of birth, nationality, passport or national ID number and expiry date, marital status, tax identification number, employment details, bank details, passwords, financial information, corporate information, financial income, personal assets and liabilities, bankruptcy history, court judgements, sensitive information such as medical information, credit history, references, credit reports, track record and CV, business plans, project descriptions, trading performance, shareholders, directors, partners and beneficial owners, correspondence, etc.
Information from third parties. We may obtain information about you from third parties such as fraud prevention agencies, credit agencies, banks, public authorities, tax authorities, employers, referees, insolvency practitioners, debt advisors, tracing agents, accountants, RICS surveyors, intermediaries and brokers, consultants, commercial databases, the electoral register, publicly available information sources, other lenders, etc.
Information from technical sources. We may obtain information about you by web scraping, algorithmic models, cookies and tracking (IP address and URL clickstream).
Information we generate about you, such as payment records, credit and risk opinions, contact history, communication monitoring and activity on our websites.

Cookies

Our sites use cookies to distinguish you from other users of our sites. This helps us to provide you with a better experience when you browse our sites and also allows us to improve our sites (amongst others). By continuing to browse the sites, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our sites. They include, for example, cookies that enable you to log into secure areas of our sites.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our sites when they are using it. This helps us to improve the way our sites work, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our sites. This enables us to personalise our content for you and remember your preferences.
Targeting cookies. These cookies record your visit to our sites, the pages you have visited and the links you have followed. We will use this information to make our sites more relevant to your interests.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our sites.

How will we use Personal Data and other Confidential Data?

The ways in which we may use your Personal Data and other Confidential Data necessarily depends on the relationship you have with us. The list below (non-exhaustive) sets out the purposes for which we use your Personal Data and other Confidential Data:

for contact and communication purposes;
for contractual and legal reasons if you have entered into a transaction with us;
to comply with relevant regulations;
to engage with our customers and clients;
to manage business contacts;
to provide our services;
to deal with suppliers, advisers and other professional experts;
to understand your financial needs and interests;
to assess your loan application and credit profile;
to evaluate your business;
for opening and maintaining accounts;
for enforcing loan provisions or tracing you in the case of a default;
to comply with anti-money laundering, counter-terrorist financing and anti-bribery regulations;
to comply with know-your-customer practices;
to purchase, to collect and to administrate debt;
to recover debt;
to collect our fees or costs;
to make and receive payments;
for recruitment and selection purposes;
to support and manage our staff;
to apply correct withholding taxes;
to prevent fraud and for the apprehension and prosecution of offenders;
to evaluate and, in case of default, enforce your personal guarantee;
to evaluate your business track record;
to evaluate your capacity to service the loan;
to value any loan security;
to understand your overall financial and business situation, as well as your credit track record and reputation;
to take underwriting decisions on loans;
to enable us to act as principal for any financial transaction including mortgage loans;
for internal administrative purposes which relate to the services we offer to you;
for auditing purposes;
to share with third parties who provide us with funding to grant the loans;
to share with insurance companies to cover some of the risk inherent in the services we offer to you;
for cross-verification to reduce risk;
to better understand your financial objectives;
to assess whether potential funding partners are eligible to join our platform;
to provide loan participations to our funding partners;
to assist funding partners with their loan participations;
for statistical analysis;
to improve our website;
to handle complaints and enquiries;
to promote our services; and
any other purposes which may not be mentioned explicitly but are consistent with the above purposes.

Lawful basis

We are allowed to save and process your Personal Data on the following legal bases:

for the purposes of a contract;
to comply with a legal or regulatory obligation;
our legitimate interests; and

Where we save and process your Personal Data for the purposes of a contract, these purposes include (but shall not be limited to):

the performance of the contractual arrangements with you, in particular the Agreements;
to adhere to our contractual obligations with our funding partners under the Loan Market Association sub-participation standards; to establish, exercise or defend our legal rights or for the purpose of legal proceedings; and
to comply with our contractual duties as a lender, security agent and trustee.

Where we save and process your Personal Data in order to comply with legal and regulatory obligations, these shall include (but not be limited to) all laws and regulations in respect of:

anti-money laundering;
counter terrorist financing;
anti bribery and corruption;
anti-tax evasion; and
to report to regulatory bodies and tax authorities.

Where we save and process your Personal Data for our legitimate interests, these shall include (but not be limited to):

the prevention of fraud;
to comply with our risk management, underwriting, loan servicing and other similar governance policies;
to report to regulatory bodies and tax authorities; and
to keep a contact database.

Where we save and process your Personal Data based on consent, this shall typically be for:

marketing purposes; and
promotional purposes.

Potential borrowers: fraud prevention

If you are a potential borrower, you must be aware that it is a criminal offense to knowingly supply false information to obtain a loan.

Before we provide services or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process Personal Data.

The Personal Data you have provided, we have collected from you, or we have received from third parties, will be used to prevent fraud and money laundering, and to verify your identity. Where information is obtained from third parties, we shall ensure that at all times the source from which or the intermediary through which the information is provided

can be disclosed to you.

Details of the Personal Data that will be processed, for example include name, address, date of birth, address, contact details, financial information, tax information, employment details, device identifiers including IP address and personal identifiers.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your Personal Data to detect, investigate and prevent crime.

We may run a search for similar loan applications you have made, as a potential borrower, to other lenders. If fraud is suspected, we may share relevant details with those lenders.

Information we share with fraud protection agencies may be used by other entities such as lenders making financial or credit-related decisions about you.

Your Personal Data may also be used to check against the existing open accounts with other lenders to prevent and/or detect fraud.

Fraud prevention agencies can hold your personal data for different periods of time.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.

Who else may have access to your Personal Data and other Confidential Data?

We may need to share your Personal Data and other Confidential Data with third parties:

Authorities, including tax authorities, and regulators as required by law or regulation;
Our affiliates and subsidiaries;
Fraud prevention organisations and companies, credit reporting agencies and companies, anti-money laundering database providers, and similar organisations;
Our business partners, external service providers and professional subcontractors such as solicitors, surveyors, valuers, accountants, auditors, insurance underwriters and companies, software and IT sub-contractors, debt collectors, receivers, administrators and professional intermediaries.
Our funding partners, funding vehicles, and banks.

These third parties may keep a record of your Personal Data and the other Confidential Data. We impose contractual obligations on these third parties to protect your Personal Data and the other Confidential Data.

Where you have provided us with Personal Data about other people

Where you provide information about other people, e.g. information about directors, partners, members, shareholders or beneficial owners other than yourself then you confirm that you have their consent to provide us with such information, that they have read, understood and agreed to the terms of this Policy, including how we may use such information.

Monitoring for quality assurance and training

We strive to ensure that the services we deliver to our clients are of the highest possible standard. With this aim in mind, it may sometimes be necessary for us to monitor telephone and e-mail communications between you and our employees for the purpose of quality assurance and training or as otherwise permitted by law.

We will only ever conduct communications monitoring in compliance with applicable law, and will at all times continue to protect the confidentiality of your communications in accordance with this Policy.

International transfers of Personal Data

As described above, from time to time, we may need to transfer your Personal Data to affiliates and third parties that may have offices that are located in territories outside of the European Economic Area (“EEA”), in order to provide you with the services required.

Where we transfer your Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in compliance with our legal obligations. Transfers outside of the EEA may be achieved in one of the following ways:

the country that we send the data to is approved by the European Commission as offering an adequate level of protection for Personal Data;
the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data;
where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
in other circumstances the law may permit us to otherwise transfer your Personal Data outside the EEA.

How we look after your Personal Data and other Confidential Data

We use a range of measures to keep your Personal Data safe and secure, which may include encryption and other forms of security. Fiduciam requires our staff and any third-party subcontractors to comply with appropriate data protection standards. Our employees receive periodic training in respect of data protection and must adhere to this Policy as well as our Data Protection Manual. Unauthorised use or disclosure of Personal Data or Confidential Data by an employee may result in disciplinary measures.

Personal Data and Confidential Data may be processed by either automated or manual methods. Automated decisions will only ever be made if they are necessary for us to fulfil our contractual obligations, for legal reasons, or if you have provided consent and such processing is allowed under EU or national laws applicable to us.

We have put in place appropriate technical and organisational security measures, such as confidentiality agreements, to protect your Personal Data and other Confidential Data against unauthorised or unlawful use, and against accidental loss, damage or destruction.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to or from our sites; any transmission is at your own risk.

Questions, concerns, complaints and exercising your rights

If you have any questions, concerns or complaints about this Policy, about how we collect, store and use Personal Data and Confidential Data, if you wish further information explaining with which fraud prevention agencies we work, how data held by fraud prevention agencies may be used, or to exercise your rights set out in this Policy, please e-mail us our Data Protection Officer, Henrik Takkenberg at:

E-mail: compliance@fiduciam.co.uk.

Mail: Josaron House, 2nd Floor, 5-7 John Prince’s Street, London W1G 0JN

Telephone: +44 203 290 1933

Our Data Protection Officer is the first point of contact for supervisory authorities, employees and customers.

Changes to our privacy policy

We reserve the right to modify this privacy statement or any part of it at any time and any changes will be posted on our websites.

May 2018