DATA PROTECTION: FAIR PROCESSING NOTICE
IN-SYNC Factoring Ltd takes the protection and privacy of personal data seriously. This Fair Processing Notice explains how we use, protect and store personal data before, during and after being a customer of IN-SYNC Factoring.
Our contact details
4 The Millennium Centre, Crosby Way, Farnham, Surrey, GU9 7XX
Telephone number: 01252 70 22 70
Our Data Protection Officer can be emailed at dpo@in-syncgroup.com.
What personal data do we collect about you, how do we use that personal data, and what is our legal basis?
We need a legal basis in order to process your personal data. Any data we process is because we either have a contract with you (or you wish to obtain a contract with us), we have a legal obligation to do so, or because it is a legitimate activity. On occasion, we will seek your consent to process your personal data, but you are free to refuse.
When you are a client or wish to become a client of IN-SYNC Factoring, we collect and process your personal data:
- in order to fulfil our contract for services with you;
- to assess your application for a factoring agreement;
- to fulfil our legal obligations to prevent money laundering, fraud and terrorist financing;
- where the activity is a legitimate one for a business; and
- with your consent for marketing.
We process your personal data because we have a contract with you, you would like to enter into a contract with us or it is a legitimate business activity.
We collect your name, address, date of birth, NI number, home phone, mobile, email address, your financial data and your employment details in order to provide you with the agreed service and to contact you. Our legal basis to do so is because we have a contract with you or you would like to enter into a contract with us.
Once you become a client of IN-SYNC Factoring, we will assign you a client unique identifier number as this is a legitimate activity in order to avoid any system errors or mistakes in making payments.
We will send you cash advance updates and useful information as part of our contractual service with you.
As we are part of a group of companies (IN-SYNC Group), we will share your data with our other companies for administrative and reporting purposes only. This is legitimate activity for us.
If you make a subject access request, a deletion request or object to our processing, we will keep a record of this request on a Smartsheet spreadsheet. It is a legitimate interest of ours to keep a record of all actions pertaining to such requests. We will keep these records using your name, your NI and a record of what personal data was requested or deleted using generic wording eg. contact details but not your actual phone number or address.
We process your personal data because we have a legal obligation to do so.
In order to comply with our legal obligations to prevent money laundering, fraud and terrorist financing, we will process some of the following data:
- passport (name, DOB, facial biometrics, passport number, nationality, gender, place of birth, signature);
- Biometric Residents Permit (name, date and place of birth/ biometrics - fingerprints and a photo of face/ immigration status / access to public funds);
- valid photo card driving license (name, DOB, signature);
- recent evidence of entitlement to a state- or local authority-funded benefit, including housing benefit, council tax benefit, tax credits, state pension, educational or other grant (name, address, DOB, NI number);
- current council tax letter or statement (name, address);
- HMRC-issued tax notification (name, address, DOB, NI number);
- end of year tax deduction certificates (name, address, DOB, NI);
- current bank statements or credit/debit card statements (name, address);
- current utility bill (name, address);
- date of birth (for age verification and general identity).
We process your personal data with your consent and where it is a legitimate business activity.
We will send you information pertaining to IN-SYNC Factoring because you are a client of ours as this is a legitimate business activity. We will also send you this information for one year after you have left IN-SYNC Factoring as you may wish to come back to us and this is a legitimate activity.
We will send you marketing information and newsletters from other companies in the IN-SYNC Group only when you consent for us to do so.
We will ask for feedback on our products or services in order to monitor and improve our service delivery, and this is a legitimate activity for us. You can complete these questionnaires if you wish to, however you are not obliged to do so. These questionnaires are not anonymous.
You have the right to unsubscribe to marketing at any time. If you do choose to unsubscribe, we will keep your name and email address on a suppression list so that we don’t email you again by accident and this is a legitimate activity for us.
If you are on our suppression list, you will still receive communications that are necessary to the performance of your chosen services, or notifications to avoid you missing deadlines and/or incurring penalties.
How long do we hold your personal data?
We will hold your personal data that was collected for anti-money laundering purposes for five years from when you ceased a relationship with IN-SYNC Factoring Ltd, after which it will be destroyed. This is in accordance with Anti-Money Laundering Regulations. We will hold the personal data that was collected for the purposes of providing you with financial services while you are a customer and for seven years, after which it will be destroyed. This is in accordance with HMRC requirements.
We will hold your name, email and phone number to send you marketing information as long as you would like us to do so. If you withdraw your consent, we will hold this data for five years in a suppression list so that we don’t market to you against your wishes.
We will hold your name, NI and information pertaining to your subject access request, deletion request or objection for a period of seven years in case of any ICO investigations or legal claims.
Who do we share your personal data with?
Depending on your chosen services or our requirements, we may share your personal data with the following recipients:
HMRC for the purpose of providing our cash advances product;
- National Crime Agency, Action Fraud and any other competent and authorised body for the prevention, detection and investigation of money laundering, fraud or terrorist financing;
- our software, technology applications, database providers (Anchor Computer Systems Ltd), Campaign Monitor Pty Ltd, Docusign UK Ltd, Microsoft, SmartSheet Inc, TextAnywhere Ltd, Fast SMS, PCA Predict) necessary for recording, securing and updating your personal details and administering services internally as well as external communications;
- Feefo Holdings Limited for the purposes of consumer feedback;
- Callcredit Information Group Ltd for the purpose of identification checks
- Barclays Bank Plc for the purpose of making payments;
- Capita Pay360 for the purpose of administering payments;
- companies that verify publicly available documents and information (e.g. Credit Reference Agencies, Home Office);
- ARC (Europe) Ltd for the purposes of collecting aged debtors;
- High Court Enforcement Officers Association for the purposes of enforcing High Court writs to seize and sell assets to settle unpaid judgements;
- Information Commissioners Office in the event of a request for information or breach;
- IN-SYNC Group Companies (only with your consent) for marketing relevant services;
- Legal advisors and consultants;
- Insurance companies.
Do we transfer your personal data outside of the EU or EEA?
Your data is kept in the EU or EEA except for data that is processed by SmartSheet Inc, a technology application used by us to create administrative spreadsheets.
SmartSheet Inc is located in the USA, which is non-adequate country for data transfer as determined by the European Commission. Your data is protected by SmartSheet Inc by the Data Processing Addendum (“DPA”) they have in place, which incorporates the Standard Contractual Clauses (“SCC”) to ensure there is a valid transfer mechanism in place in accordance with the GDPR and Smartsheet regularly reviews its practices to ensure that it treats all data in accordance with Article V Standards of the GDPR. Details of which can be found here https://www.smartsheet.com/legal/DPA. Smartsheet continues to maintain its participation in and have certified their compliance with the EU-U.S. and US-Swiss Privacy Shield Frameworks and Principles (collectively, the “Privacy Shield Principles”) although this has been invalidated by the European Court of Justice, Smartsheet is committed to continuing to protect personal data in accordance with the Privacy Shield Principles.
Your Rights
You have a number of rights in respect of our processing of your personal data which are:
- To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
- we no longer need it;
- if we are processing your personal data by consent and you withdraw that consent;
- if we no longer have a legitimate ground to process your personal data; or
- we are processing your personal data unlawfully.
- To object to our processing if it is by legitimate interest;
- To restrict our processing if it was by legitimate interest;
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
If you want to exercise any of these rights, please contact us on 01252 70 40 30 or email our Data Protection Officer on dpo@in-syncgroup.com.
You also have the right to lodge a complaint about our processing with the UK's Information Commissioner's Office.