Introduction

This privacy notice provides you with details of how we collect, store and process your data.  It should be read in conjunction with the contract that controls our business together with our general terms and conditions.

GEEX Limited is based at 2 Brandhall Road, Oldbury, Birmingham, B68 8DP. We may process “personal data” (as defined in UK data protection legislation)as part of our contracted services and/or on our administration supporting these contracted services. We may process data on staff and/or contacts (either in client companies or suppliers). The security of all data is important to us as a company and all feasible security measures are in place. Data is not transferred outside the European Economic Area (EEA)where necessary but we do utilise cloud-based services. Data is held as long as they remain relevant to the purpose for collection. Once no longer required, (whether on paper or electronic format), data is deleted by secure means.

Data may be shared with third parties as part of our contracted services and/or if we are required by law to do so. “Third parties” may include specialist contractors we may include in specific projects for clients. We cannot accept any liability for any processing conducted by a third party outside our remit. As part of our compliance, we have conducted a cookie audit on our website. Cookies are internet files used by the system to view websites and their content. We utilise analytical cookies to help us monitor and develop our site. None of the cookies we use are intrusive on your system. You are at liberty to turn off cookies through your browser but you should be aware that this may affect your viewing experience.

None of the above affects your rights under the legislation, in particular your right to access the data we hold on you. If you wish to request a copy of your data, please submit it in writing/email to the Company. Please include enough information to enable us to identify you and search for appropriate data.

If you are dissatisfied with this policy, have queries about our data protection procedures or wish to lodge a complaint, please contact the company in the first instance. Thereafter you have the right to submit a complaint to the Supervisory Authority, the Information Commissioner’s Office (ICO):

The Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Data Fair Processing Notice

We have been asked to assist your business in obtaining finance. This process will involve the processing of your personal data. This Data Protection Notice is intended to give you information on how this personal data (i.e. information which directly or indirectly identifies you) will be processed by GEEX and any company to which GEEX Ltd submit a finance application on behalf of your business. We have not yet identified the finance company or companies to which such an application would be submitted. You will be given details in due course of their identity, but for present purposes we will refer to any such company in this notice as “the Company”

For the purposes of EU data protection laws, the ‘Company’ will be a data controller.

Data That May Be Collected. 

GEEX and the Company may collect certain personal data with respect to you ,including, without limitation, your name, address, date of birth, contact details, credit reference data, financial and employment details, banking and credit card details, director or shareholder roles, income and details of your business. GEEX/Company may collect some of this data from third parties, for example credit reference agencies. Where your business is a corporate entity the GEEX/Company may collect personal data about the directors and share holders of the business from credit reference agencies where this data is held publicly, such as at Companies House.

How else we may collect data

  • Direct interaction: Data you provide to us via email, letter, phone call.
  • Internet Sources: including but not limited to our own website, your company websites, social media accounts and review sites.
  • From Third Parties such as Experian or Credit Safe
 

How we process collected data: 

GEEX & The Company will use your personal data for provision of products and services, credit and Anti Money Laundering (AML) risk assessment, profiling for marketing purposes, market research and product development, statistical analysis, marketing, fraud prevention and detection and otherwise as necessary to comply with applicable laws, regulations and/or codes of practice. The processing of personal data may be necessary for the performance of a contractual relationship, compliance with a legal obligation, or where it is in the legitimate interests of GEEX or the Company or a member of any group of companies to which the GEEX/Company belongs.

Disclosure to Certain Third Parties. GEEX or Company may disclose certain personal data: (i)within any group of companies to which GEEX/Company belongs; (ii) to GEEX or Company’s suppliers and dealers / suppliers, professional advisors and service providers(including, information technology systems providers); (iii) to courts,governmental and non-governmental regulators and ombudsmen; (iv) to fraud prevention agencies and law enforcement agencies; (v) to any third party that acquires, or is interested in acquiring, all or part of the GEEX/Company’s assets or shares, or that succeeds GEEX/Company in carrying on all or a part of its business, whether by merger, acquisition, re-organization or otherwise; and(vi) as otherwise required or permitted by law.

GEEX/Company may share the personal data it collects with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services or finance. Further details of how your information will be used by GEEX/Company and their fraud prevention agencies, and your data protection rights can be found at www.www.mygeex.co.uk or by contacting the Data Privacy Officer(s) whose details will be given to you at the same time as you are informed about the identity of the Company.

In addition, in order to process your application for finance, your personal data will be shared with credit reference agencies (CRAs). GEEX/Company will send information about your applications to CRAs and they will record this, even if your business’ application does not proceed or is unsuccessful. This will include information from your credit application and about your financial situation and financial history. CRAs can give GEEX/Company both public information (e.g. electoral register) and shared credit, financial situation and financial history information and fraud prevention information and GEEX/Company may use the data received to

  • Assess your creditworthiness:
  • Verify the accuracy of the data you have provided:
  • Prevent criminal activity, fraud and money laundering:
  • Manage your account(s);
  • Trace and recover debts; and
  • Ensure any offers provided to you are appropriate to your circumstances.

GEEX or the Company may continue to exchange information about you with CRAs while you have a relationship with them and may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from GEEX or the Company they will place a search footprint on your credit file that may be seen by other lenders.

If you are making a joint application, or tell GEEX/Company that you have a spouse or financial associate, GEEX or the Company may link your records together, so you should make sure you discuss this with them, and share with them this information, before submitting the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at each of the three CRAs websites –using any of these three addresses will take you to the same CRAIN document:

Callcredit www.callcredit.co.uk/crain;Equifax www.equifax.co.uk/crain;Experian www.experian.co.uk/crain

Transfer of Personal Data Outside the European Economic Area (“EEA”)

GEEX or the Company may transfer your personal data to recipients (including affiliates) located in countries outside of the EEA, which may not have data privacy laws equivalent to those in the EEA. In such a case, GEEX/Company is under a duty to take all necessary steps to ensure the safety of your personal data in accordance with applicable data protection laws.

Your Legal Rights

Under applicable EU data privacy laws, you may have a right to: (i) request access to and rectification or erasure of your personal data; (ii) obtain restriction of processing or to object to processing of your personal data; and (iii) data portability (i.e. to request the transfer of personal data from one data controller to another in certain circumstances). If you wish to exercise any of these rights you should contact the Data Privacy Officer(s) at GEEX or the Company whose details will be given to you at the same time as you are informed about the identity of the Company. You also have the right to lodge a complaint about the processing of your personal data with your local data protection authority.

The Company may rely on automated credit assessment based on the personal data which we provide to it and data which it obtain from a credit reference agency or similar sources about your credit profile or history. The outcome of this process can result in an automated decline of your application where it does not meet the Company’s acceptance criteria. The Company has a duty to review these acceptance criteria regularly to ensure fairness in the decisions made,and you have a right to ask it to manually review any decision taken in this manner.

Data Security

GEEX have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal databreach and will notify you and any applicable regulator of a breach where weare legally required to do so.

Retention

GEEX will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. This data will therefore be retained for seven years to allow us to respond to a ‘last minute’ request.

When you are informed of the identity of the Company, you will also be able to contact them and receive the policy it adopts regarding the retention of your personal data.

Data Protection Information Continuity & Security Policy

GEEX Limited process data in the provision of their contracted services and/or inits own administration. Data is processed in accordance with UK data protection legislation.

Data is held in both manual and electronic formats:-

MANUAL – data is held securely and the information is processed in line with the legislation and/or the Company privacy notices. Access is restricted to maintain the integrity of the data and is for those who may require such access to perform their duties.

ELECTRONIC – data is held/processed on a private cloud system and on company servers. Regular backups are taken and held off site. Access is again restricted.

All destruction, once data are no longer relevant, is by secure means.

Enquiries, Requests or Concerns

All enquiries, requests or concerns regarding this Notice or relating to the processing of Personal Data, should be sent to our Data Privacy Officer using the following contact details:

Data Controller:

Address: GEEX Limited, 2 Brandhall Road, Oldbury, Birmingham, B68 8DP

Telephone: 0121 285 0098

Email: info@www.mygeex.co.uk

Data Protection Officer: There is currently no separate appointment. Matters will be handled by the Directors of GEEX Limited