1. Introduction
This privacy policy relates to the MSP Capital Group. We are committed to protecting your privacy. This notice sets out the information we collect and may obtain about you and the basis on which we control and process it.
2.1. By phone
We may use call number identification to recognise who is calling us and to have a short-term record of calls received. We may record some calls for training and monitoring purposes. We will capture information that you give us for our records and in order to deal with your enquiry and process it in accordance with our processing basis as set out below.
2.2. By email
If you send us an email that is not encrypted any personal data within it may be at risk. We will capture and process the information in the email in alignment with the legal basis and purposes as set out below.
When we send emails they are encrypted during transit from us to our recipients via Secure Sockets Layer (“SSL”). SSL is a method of encrypting traffic from one point to another, in this case the email sent by us to you. We may also, in certain circumstances, encrypt some emails or their content in order to protect personal data.
2.3. By post
When we receive an enquiry or application in paper format, it will contain personal information for applicant(s) and possibly other parties in connection with the property(ies) or for funders. We will capture and process the information in the application in alignment with the legal basis and purposes as set out below.
2.4 From our website
2.4.1. Visitation tracking
Like most websites, this site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
We use this information only to allow us to improve our service and offering.
Although Google Analytics records data such as your geographical location, device, internet browser and operating system based on your computer’s IP address, none of this information personally identifies you to us. We do not usually attempt to use this information to try to identify visitors and do not allow Google Analytics to do so either. We reserve the right to do so in the event that the visit is for a malicious or unlawful purpose.
We consider Google to be a third party data processor (see item 10 below).
Please refer to our section in this policy on cookies for more information
2.4.2. Contact forms and email links
Should you choose to contact us via our website or via direct email, the data that you supply will not be stored by this website or passed to/be processed by any third party data processors defined at item 10 below. If you use the contact form on our website, the data will be collated into an email and send to us via SSL.
Your data will be retained for as long as is required either by law or contract and in alignment with our data retention policy statements below.
If you complete our online application form, the data you supply will be treated in the same way as set out above.
2.4.3. Cookies
The MSP website only uses cookies that are necessary to its functioning or are to provide anonymised website analytics (such as Google Analytics). This in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Many web browsers automatically accept cookies, but you can usually modify your web browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
2.4.4. Email Newsletter
If you choose to join our email newsletter, the information that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor (see item 10 below). The information that you provide will not be stored within this website’s own database.
Your details will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request to remove it from the list. If you would like to be removed from the list, you can do so by using the unsubscribe links contained in any email newsletters that we send to you or by sending us an email to [email protected]. When making a request to be removed by way of email, please ensure to provide us with the email address that is subscribed to the mailing list.
While your email address remains within the MailChimp database, you will receive periodic newsletter-style emails from us. These will generally be our E-newsletter and occasionally an email about specific events or new products we are offering.
In providing information to us about other people you warrant that you have an appropriate legal basis to give us their data and that you have provided them with our privacy notice so that they are aware of the basis on which we will process their information. We store information provided to us in both electronic and paper based systems.
We may obtain information about you from other providers such as credit reference agencies (see below), via google and other websearch tools, social media, or other providers of public information services such as land registry. We only do this when we are considering whether or not to offer you a loan or manage any loan offered, consider you for a job or work with you as a funder or service provider.
5. Sensitive Data
We may capture sensitive data about you with regards to your or a related person’s health if you advise of an issue that we may need to take into account in dealing with your loan. We will retain this information where the law or contract so requires and in any case in alignment with our data retention statements below
6. Basis of processing data and who we share your data with
6.1. Legitimate Interests
We will hold and process your data for our legitimate interests in order to:
- Determine whether or not to offer a loan
- Manage any relationship with intermediaries including a record of introductions, payments made and other relevant information appropriate to managing the relationship
- Manage the relationship with funders or anyone applying to become a funder and to maintain appropriate records relevant to that relationship
- To manage business relationships with our professional advisers, contractors and third party providers
- To consider any application for a job, including CV’s, and whether to progress it
- Share information where necessary with funders, our professional advisers, contractors and third party providers and anyone who may wish to acquire all or any part of our business
- Carry out checks with fraud prevention and credit agencies and tracing agencies if required (see below)
- Share information with any recruitment agency or search provider about your job application
- Create anonymised an aggregated usage reports of our website
6.2 Contractual Purposes
- To provide contracted services as required including;
- Share information with your broker about your application or the status of your loan
- Share information with other companies in the same group and associated companies
- Manage any loan advanced through to redemption
- Communicating with you regarding any aspect of your service with us
6.3 Legal Purposes
We will hold and process your data for legal purposes in order to:
- Meet our legal obligations
- Help identify you and meet our anti-money laundering obligations
- Supply information to any government body, regulatory authority, law enforcement agency as required and to credit and fraud prevention agencies
6.4 By Consent
We will hold and process your data by consent for marketing purposes in order to keep you informed of:
- Our products and services and those of any group or related company
- Information contained in any newsletter we may issue
- Products and services of any selected third parties where you have agreed to this
We may use a third-party provider to issue this information to you but will not share your information with any other third party for marketing purposes.
We may also gather information on our marketing in order to understand and measure the effectiveness of it and to make improvements as a result.
We may gather data from time-to-time from participants of competitions we run as part of our sponsorship of AFC Bournemouth. This data will only be processed as part of the competition and associated draw, unless otherwise specified.
We will retain information for our legitimate interests and legal purposes as follows:
- Loans advanced – up to 6 years after the loan has redeemed but may be longer where legal action has been taken or is pending
- Enquiries and applications for loans not advanced – up to 6 years from the date the enquiry or application is marked not proceeded with – may be longer where a fraudulent application is made. We may also need to keep any anti-money laundering information gathered for a period of up to 5 years
- Intermediaries – up to 6 years from the end of our relationship
- Funders – up to 6 years from the end of our relationship
- Professional advisers, contractors and third-party advisers – up to 6 years from the end of our relationship.
- Employees – up to 6 years after your employment ceases.
- Job Applicants – up to 4 months for unsuccessful applicants. Successful applicants will become employees and subject to that timescale.
- Competition participants – unless explicit consent has been given to retain data for marketing purposes, we retain participant information until up to 28 days after the competition has ended.
8. Credit reference checks
When we carry out checks with Credit Reference Agencies (CRA) we supply information to them based on the details you provide. We provide information to you on this before we carry out the search.
We may also carry out checks with them in order to identify you, and for fraud prevention purposes.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the way in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA information notice (CRAIN). CRAIN is accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:
- Callcredit: www.callcredit.co.uk/crain
- Equifax: www.equifax.co.uk/crain.html
- Experian: www.experian.co.uk/crain/index.html
When you take a loan from us, we may also make periodic searches at CRAs to manage your account with us.
Please ask us if you require details of the CRAs or any other agencies we may pass your information to and who we receive information from about you.
This website is hosted by Cloudways (https://www.cloudways.com)within a highly secure UK data centre. Cloudways take many precautions to keep their servers safe from the full range of potential dangers; such as hacking, hardware failures, software failures, and physical damage. Access to the servers is tightly controlled and limited to just essential personnel. Power is drawn from the National Grid through two different sources, and they also have two interruptible power supplies, as well as on site generators. All data is kept safe behind a security firewall with multiple layers of protection.
We use two third parties on our website to process personal data on our behalf.Google
Google help us by providing statistics on our website use. To do this they track interactions by users and the websites. You can learn more about how Google is working in respect of privacy by visiting their website here: https://privacy.google.com/?hl=en#
Mailchimp
MailChimp are a USA based organisation and are fully committed to respecting all applicable data protection regulations. You can read more about this on their website at https://mailchimp.com/help/mailchimp-european-data-transfers/
With the exception of our website thirdparty, MailChimp, all information is retained within the UK. If we were to export any of your data to a non-UK state, we would take appropriate measures to protect the data.
We strive to ensure that your personal information is kept up to date and accurate. If any of the personal information you have given to us or third parties changes, such as your contact details or residential address, please promptly inform us in accordance with the terms and conditions of your agreement with us.
You will be required to provide us with any changes to your personal information under the agreement you enter into with us if your application for a loan is accepted. If you fail to do so this will put you in breach of your agreement.
You have the right as an individual to request details on the information we hold on you and to ask us to correct any information which may be inaccurate. To exercise your right please contact us and ask for a Data Subject Access Request form.
You are also able to exercise your right to be forgotten. This does not mean we will have to automatically delete all information held on you as we may still need to keep appropriate information in order to meet our legal obligations and for our legitimate interests.
There are other rights which, due to the basis on which we process data, you may not always be able to exercise. These include:
- To restrict processing of your data
- To provide your data in a portable format
- To object to the processing of your data
You might also wish to complain about the way in which we have processed your data.
To exercise your rights or to make a complaint please contact us at:
[email protected] or 01202 743400 or Strata House, 12-14 Castle Street, Poole BH15 1BQ
You also have the right to make a complaint to the Information Commissioners Office. You can make a complaint to them via their website www.ico.org.uk or by calling them on 0303 123 1113.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
The data controller of this website is: MSP Capital Limited, a UK Private Limited Company with company number 01543169
Whose registered office is:
Strata House
12-14 Castle Street
Poole
Dorset
BH17 1BQ
The companies in the MSP Capital Group are MSP Capital Ltd, MSP Capital One Limited, MSP Capital Two Limited, MSP Capital Three Limited, MSP Capital Four Limited and MSP Capital Five Limited.
This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this policy periodically for any policy changes.
Policy Updated: 10 June 2021
