Privacy Policy for end users
Smartr365 Finance Limited is committed to safeguarding your privacy and ensuring the security of your personal information. This Privacy Policy outlines our practices as a data processor, regarding the collection, use and sharing of personal data for end customers on behalf of our clients (brokers/intermediaries/ introducers). We have a separate privacy policy for professional business clients, which can be found here .
This Privacy Policy relates to end clients whose broker/intermediary/introducer uses the Smartr365 platform to capture, store and process personal information. Please take a few minutes to read it, and show it to anyone else connected to the product/service we provide.
When we refer to personal information, we mean information about an individual that can identify them, such as their name, address, email address, telephone number and financial details. Any reference to "information" or "data" in this policy is a reference to personal information about a living individual.
We may collect and process certain personal information and data about you to provide our products and services effectively. The information we collect may include but is not limited to:
Type of data | Description | Examples of how we use it |
Contact Details |
|
|
Identity and Biometric Data |
|
|
Social and Demographic Data |
|
|
Financial Information / Transactional |
|
|
Professional or Employment-related Information |
|
|
Documentary Data and National Identification Documents |
| · Compliance with statutory regulations and to prevent financial crime |
Profile / Behavioural Details |
|
· Perform data analysis and research to improve our products and services
|
Contractual |
|
|
Consent & Preferences |
|
|
Technical |
|
|
Communication Data |
* We do not record calls but log meetings conducted with your broker |
· Perform data analysis and research to improve our products and services
|
Special Category Data |
|
|
Criminal Convictions |
| · Compliance with statutory regulations and to prevent financial crime Product development and pricing
|
Open Data & Public Records | · Other Information About You that is Openly Available on the Internet. |
|
Anonymised and Aggregated Data | · Anonymised and Aggregated Demographic Information Collected About You. · Statistics About How Applications and Documents are Processed Through Our Platform. *Aggregated, anonymised data is not personal information subject to this Privacy Policy. This data is stripped of personally identifiable information and combined with data from other clients to produce market insights and trends or for any other purpose. We may also share aggregated and anonymised information with our business partners. | · To identify market trends, conduct research and provide insights to our clients
|
Information we process about you is either entered into the Smartr365 platform by a broker, intermediary or introducer or directly by you following an initial consultation with your broker/intermediary/introducer. To understand where your broker, intermediary or introducer sourced your information, you would need to speak to them directly. For more information on how we use cookies, please refer to our cookie policy.
We use personal information that we hold about you:
· To carry out our responsibilities resulting from any agreements you have entered into with us and to provide you with the information, products and services that you have asked from us.
· To provide you with marketing information about services and products we offer that may be of interest to you. If you have opted in to receive marketing from us, based on your marketing preferences, we may deliver this information by post, telephone, email, SMS or personalised online marketing via our own platform, social media platforms and/or other third party websites e.g. YouTube. Please note that if you choose not to receive online marketing, you will not see personalised messages using your personal data, however you may still see generic online advertising about our products and services.
We may also send marketing to you using our "legitimate interests", please see below for further information.
· To inform you about changes to our services and products.
· To comply with any applicable legal or regulatory requirements (including "know your customer" checks, or compliance with any relevant regulatory reporting or disclosure requirements).
· For conducting market research, statistical analysis and customer profiling to help us to improve our processes, products and services and generate new business (e.g. to understand digital behaviours, identify financial attitudes and develop more engaging communications).
· To define our pricing and product / service development strategies.
· To operate our business efficiently and appropriately. This includes testing our systems, managing our financial position, business capabilities, planning, communications, corporate governance, and audit.
· For any other purpose that we have agreed with you from time to time.
When you apply for a product or to receive a service from us, the application form you fill out or the resulting contract may contain additional conditions relating to the way we use and process your personal information. These will apply in addition to the uses described in this document.
In some cases, we may use software or systems to make automated decisions (including profiling) based on the personal information we have, or collect from others. These may include:
· The prevention and detection of fraud and financial crime: To perform transaction monitoring, identity verification, money laundering and sanctions checks, and to identify politically exposed individuals. We are required by law to perform these activities which may be achieved using solely automated means to make decisions about you. We may use these activities to decline the services you have requested or to stop providing existing services to you.
· Servicing activities such as: (i) Personalising the content and design of communications and online services and (ii) Determining when to provide tailored communications about your product (e.g. as a result of changes in your personal circumstances or lifestyle) and the appropriate channel(s) to use
· Identifying market trends, conducting research and providing insights to our clients
These may be achieved using profiling in order to predict certain characteristics about you (e.g. your economic situation, interests, personal preferences or transactional behaviour). The activities will not have a detrimental effect on you.
Any information we use for profiling will be anonymised and aggregated personal data.
Data protection laws require us to meet certain conditions before we're allowed to use your personal information in the way we describe in this privacy policy. We take these responsibilities extremely seriously. To use your personal information, we will rely on the following conditions, depending on the activities we're carrying out:
Providing our contracts and/or services to you: We will process your personal information to fulfil our responsibilities arising from any agreements you have entered into with your broker, intermediary or introducer and to provide you with the information, products and services you have requested, which may include online services.
Compliance with applicable laws: We may process your personal information to comply with any legal obligation we are subject to.
Legitimate interests: To use your personal data for any other purpose described in this privacy policy, we will rely on a condition known as "legitimate interests". It's in our legitimate interests to collect your personal data as it provides us with the information that we need to provide our services to you more effectively. We may use your information to:
· Conduct market research and product development which can include creating customer demographics and/or profiling.
· Continue to send marketing information, via post only, to customers who purchased a product before 25th May 2018 and did not opt-out, until such time as they have reviewed their marketing preferences (which can be done at any time).
· Send marketing information, via post only, to customers who have a relevant and appropriate relationship with us.
· Develop and test the effectiveness of marketing activities.
· Develop, test and manage our brands, products and services.
· Study and manage how our customers use products and services from us and our business partners.
This requires us to assess our interests in using your personal data against the interests you have as a citizen and the rights you have under data protection laws.
The outcome of this assessment will determine whether we can use your personal data in the ways described in this Privacy Policy (except in relation to marketing, where we will always rely on your consent). We will always act reasonably and give full and proper consideration to your interests in carrying out this assessment.
Consent: We may provide you with marketing information about our services or products where you have provided your consent for us to do so. You may opt out of marketing at any time by email or telephone.
Special category (sensitive) data: We may process special category data about you as a data processor to provide you with the information, products and services you have requested
Criminal conviction data: We may process this type of information as a data processor and solely for the purpose of preventing fraud.
Please be aware that the personal information you provide to us, and which we collect about you, is necessary for us to be able to provide our services to you and without it we may not be able to do so.
We will retain your personal information in accordance with our internal retention policies. The length of time we retain it will be determined by the minimum retention periods required by law or regulation. We will only keep your personal information beyond this period if there is a legitimate and demonstrable business reason to do so.Once the data is no longer needed, we will securely dispose of it.
We will not sell, rent or lease your data to third parties for them to market to you. We will only disclose your information to:
· Other third-party suppliers, contractors and service providers for the purposes listed under "How do we use your information" above.
· Selected third parties, so that they can contact you with details of the services that they provide, where you have expressly opted-in or consented to the disclosure of your personal data for these purposes.
· Our regulators, government (e.g. HMRC) and law enforcement or fraud prevention agencies, as well as our professional advisers.
In addition we may disclose your personal information to third parties:
· If the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
· If we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
· To enforce or apply the terms of any contract with you.
· If we are under a duty to disclose or share your personal data to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.
· To protect you and us from financial crime, we may be required to verify the identity of new and sometimes existing customers. This may be achieved by using reference agencies to search sources of information relating to you (an identity search). This will not affect your credit rating.
· If you have been introduced to us by another company (e.g. bank, insurer, building society)
We may access and use from other countries the information recorded by fraud prevention agencies.
We may share anonymised and aggregated data with third parties, such as business partners, advertisers and researchers, for research and analysis purposes. This data does not contain any personally identifiable information.
We take data security seriously and employ reasonable administrative, technical, and physical measures to protect personal information from unauthorised access, disclosure, alteration, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
Our Service may contain links to other sites that are not operated by us, for example Digidentity, Halifax. If you click on any third party link from Smartr365, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") to third-party suppliers, delegates or agents. We will take all reasonably necessary steps to make sure that your data is treated securely and in accordance with this Privacy Policy.
We will only transfer your data to a recipient outside the EEA where we're permitted to do so by law (for instance, (A) where the transfer is based on standard data protection clauses adopted or approved by the European Commission, (B) where the transfer is to a territory that is deemed adequate by the European Commission, or (C) where the recipient is subject to an approved certification mechanism and the personal information is subject to appropriate safeguards, etc.).
Unfortunately, sending information via e-mail is not completely secure; anything you send is done so at your own risk. Once received, we will secure your information in accordance with our security procedures and controls.
You have rights under data protection law that relate to the way we process your personal data. More information on these rights can be found on the Information Commissioner's website. If you wish to exercise any of these rights, please get in touchwith your Broker or Intermediary.
Your rights | |
1. | The right to be informed about how your personal data is being collected, and processed, and for what purposes. |
2. | The right to access the personal data that we hold about you. |
3. | The right to make us correct any inaccurate personal data we hold about you |
4. | The right to make us erase any personal data we hold about you. This right will only apply where for example: · We no longer need to use the personal data to achieve the purpose we collected it for · You withdraw your consent if we're using your personal data based on that consent · Where you object to the way we use your data, and there is no overriding legitimate interest |
5. | The right to restrict our processing of the personal data we hold about you. This right will only apply where for example: · You dispute the accuracy of the personal data we hold · You would like your data erased, but we require to hold it in order to stop its processing · You have the right to require us to erase the personal data but would prefer that our processing is restricted instead · Where we no longer need to use the personal data to achieve the purpose, we collected it for, but you need the data for legal claims. |
6. | The right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to make us transfer this personal data to another organisation. |
7. | The right to object to our processing of personal data we hold about you (including for the purposes of sending marketing materials to you). |
8. | The rights in relation to automated decision making and profiling: |
9. | The right to withdraw your consent, where we're relying on it to use your personal data (subject to legal requirements). |
10. | The right to lodge a complaint with a supervisory authority if you believe your rights have been violated |
Your rights:
2. The right to access the personal data that we hold about you.
3. The right to make us correct any inaccurate personal data we hold about you
4. The right to make us erase any personal data we hold about you. This right will only apply where for example:
a. We no longer need to use the personal data to achieve the purpose we collected it for
b. You withdraw your consent if we're using your personal data based on that consent
c. Where you object to the way we use your data, and there is no overriding legitimate interest
5. The right to restrict our processing of the personal data we hold about you. This right will only apply where for example:
a. You dispute the accuracy of the personal data we hold
b. You would like your data erased, but we require to hold it in order to stop its processing
c. You have the right to require us to erase the personal data but would prefer that our processing is restricted instead
d. Where we no longer need to use the personal data to achieve the purpose, we collected it for, but you need the data for legal claims.
6. The right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller.
7. The right to object to our processing of personal data we hold about you (including for the purposes of sending marketing materials to you).
8. The rights in relation to automated decision making and profiling:
9. The right to withdraw your consent, where we're relying on it to use your personal data (subject to legal requirements).
10. The right to lodge a complaint with a supervisory authority if you believe your rights have been violated
Smartr356 provides SAAS to brokers and brokerages. As such, Smartr365 is not the owner of your data or responsible for managing personal data that our clients capture. We do not hold or process your personal data in the capacity of a Data Controller. You will therefore need to contact your broker directly and ask them to process any Data Subject Access Requests you may have. We will assist Brokers in fulfilling any GDPR obligations.
Smartr365 Finance Limited complies with the requirements of the relevant legislation in the United Kingdom, specifically:
· The EU General Data Protection Regulation (EU GDPR) and UK General Data Protection Regulation (UK GDPR)
· PECR (Privacy & Electronic Communications (EU Directive) Regulations 2003
Smartr365's registered office is at 1 Queen Caroline Street, Hammersmith, W6 9YN and we are a company registered in the UK under company number 10487227. We are registered with the Information Commissioner's Office as a data controller. We are also a data processor when processing end-user data on behalf of our clients. For data protection inquiries we can be contacted at dataprotection@smartr365.com or by visiting our website: https://www.smartr365.com/contact-us/
If you have any concerns about the way we process your personal data, or are not happy with the way we have handled a request by you in relation to your rights, you also have the right to make a complaint to the Information Commissioner's Office. Their address is:
First Contact Team
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. Any changes will be effective immediately upon posting the updated Privacy Policy on our website. Your continued use of the Service after the changes will signify your acceptance of those changes.