1. Introduction

This privacy policy relates to the MSP Capital Group. We are committed to protecting your privacy. This notice sets out the information we collect and may obtain about you and the basis on which we control and process it.

2. Personal information that we collect and why we collect it

2.1. By phone

We may use call number identification to recognise who is calling us and to have a short-term record of calls received. We may record some calls for training and monitoring purposes. We will capture information that you give us for our records and in order to deal with your enquiry and process it in accordance with our processing basis as set out below.

2.2. By email

If you send us an email that is not encrypted any personal data within it may be at risk. We will capture and process the information in the email in alignment with the legal basis and purposes as set out below.

When we send emails they are encrypted during transit from us to our recipients via Secure Sockets Layer (“SSL”). SSL is a method of encrypting traffic from one point to another, in this case the email sent by us to you. We may also, in certain circumstances, encrypt some emails or their content in order to protect personal data.

2.3. By post

When we receive an enquiry or application in paper format, it will contain personal information for applicant(s) and possibly other parties in connection with the property(ies) or for funders. We will capture and process the information in the application in alignment with the legal basis and purposes as set out below.

2.4 From our website

2.4.1. Visitation tracking

Like most websites, this site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

We use this information only to allow us to improve our service and offering.

Although Google Analytics records data such as your geographical location, device, internet browser and operating system based on your computer’s IP address, none of this information personally identifies you to us. We do not usually attempt to use this information to try to identify visitors and do not allow Google Analytics to do so either. We reserve the right to do so in the event that the visit is for a malicious or unlawful purpose.

We consider Google to be a third party data processor (see item 10 below).

Please refer to our section in this policy on cookies for more information

2.4.2. Contact forms and email links

Should you choose to contact us via our website or via direct email, the data that you supply will not be stored by this website or passed to/be processed by any third party data processors defined at item 10 below. If you use the contact form on our website, the data will be collated into an email and send to us via SSL.

Your data will be retained for as long as is required either by law or contract and in alignment with our data retention policy statements below.

If you complete our online application form, the data you supply will be treated in the same way as set out above.

2.4.3. Cookies

The MSP website only uses cookies that are necessary to its functioning or are to provide anonymised website analytics (such as Google Analytics). This in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Many web browsers automatically accept cookies, but you can usually modify your web browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

2.4.4. Email Newsletter

If you choose to join our email newsletter, the information that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor (see item 10 below). The information that you provide will not be stored within this website’s own database.

Your details will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request to remove it from the list. If you would like to be removed from the list, you can do so by using the unsubscribe links contained in any email newsletters that we send to you or by sending us an email to [email protected]. When making a request to be removed by way of email, please ensure to provide us with the email address that is subscribed to the mailing list.

While your email address remains within the MailChimp database, you will receive periodic newsletter-style emails from us. These will generally be our E-newsletter and occasionally an email about specific events or new products we are offering.

3. Providing information to us on other people including via brokers

In providing information to us about other people you warrant that you have an appropriate legal basis to give us their data and that you have provided them with our privacy notice so that they are aware of the basis on which we will process their information. We store information provided to us in both electronic and paper based systems.

4. Other parties we may obtain information from

We may obtain information about you from other providers such as credit reference agencies (see below), via google and other websearch tools, social media, or other providers of public information services such as land registry. We only do this when we are considering whether or not to offer you a loan or manage any loan offered, consider you for a job or work with you as a funder or service provider.

5. Sensitive Data

We may capture sensitive data about you with regards to your or a related person’s health if you advise of an issue that we may need to take into account in dealing with your loan. We will retain this information where the law or contract so requires and in any case in alignment with our data retention statements below

6. Basis of processing data and who we share your data with

6.1. Legitimate Interests

We will hold and process your data for our legitimate interests in order to:

6.2 Contractual Purposes

6.3 Legal Purposes

We will hold and process your data for legal purposes in order to:

6.4 By Consent

We will hold and process your data by consent for marketing purposes in order to keep you informed of:

We may use a third-party provider to issue this information to you but will not share your information with any other third party for marketing purposes.

We may also gather information on our marketing in order to understand and measure the effectiveness of it and to make improvements as a result.

We may gather data from time-to-time from participants of competitions we run as part of our sponsorship of AFC Bournemouth. This data will only be processed as part of the competition and associated draw, unless otherwise specified.

7. Retaining information

We will retain information for our legitimate interests and legal purposes as follows:

8. Credit reference checks

When we carry out checks with Credit Reference Agencies (CRA) we supply information to them based on the details you provide. We provide information to you on this before we carry out the search.

We may also carry out checks with them in order to identify you, and for fraud prevention purposes.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the way in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA information notice (CRAIN). CRAIN is accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:

When you take a loan from us, we may also make periodic searches at CRAs to manage your account with us.

Please ask us if you require details of the CRAs or any other agencies we may pass your information to and who we receive information from about you.

9. About our website’s server

This website is hosted by Cloudways (https://www.cloudways.com)within a highly secure UK data centre. Cloudways take many precautions to keep their servers safe from the full range of potential dangers; such as hacking, hardware failures, software failures, and physical damage. Access to the servers is tightly controlled and limited to just essential personnel. Power is drawn from the National Grid through two different sources, and they also have two interruptible power supplies, as well as on site generators. All data is kept safe behind a security firewall with multiple layers of protection.

10. Our website’s third-party data processors

We use two third parties on our website to process personal data on our behalf.Google

Google help us by providing statistics on our website use. To do this they track interactions by users and the websites. You can learn more about how Google is working in respect of privacy by visiting their website here: https://privacy.google.com/?hl=en#

Mailchimp

MailChimp are a USA based organisation and are fully committed to respecting all applicable data protection regulations. You can read more about this on their website at https://mailchimp.com/help/mailchimp-european-data-transfers/

11. Where we store your data

With the exception of our website thirdparty, MailChimp, all information is retained within the UK. If we were to export any of your data to a non-UK state, we would take appropriate measures to protect the data.

12. Keeping your information accurate

We strive to ensure that your personal information is kept up to date and accurate. If any of the personal information you have given to us or third parties changes, such as your contact details or residential address, please promptly inform us in accordance with the terms and conditions of your agreement with us.

You will be required to provide us with any changes to your personal information under the agreement you enter into with us if your application for a loan is accepted. If you fail to do so this will put you in breach of your agreement.

13. Your Rights

You have the right as an individual to request details on the information we hold on you and to ask us to correct any information which may be inaccurate. To exercise your right please contact us and ask for a Data Subject Access Request form.

You are also able to exercise your right to be forgotten. This does not mean we will have to automatically delete all information held on you as we may still need to keep appropriate information in order to meet our legal obligations and for our legitimate interests.

There are other rights which, due to the basis on which we process data, you may not always be able to exercise. These include:

You might also wish to complain about the way in which we have processed your data.

To exercise your rights or to make a complaint please contact us at:

[email protected] or 01202 743400 or Strata House, 12-14 Castle Street, Poole BH15 1BQ

You also have the right to make a complaint to the Information Commissioners Office. You can make a complaint to them via their website www.ico.org.uk or by calling them on 0303 123 1113.

14. Data Breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

15. Data Controller

The data controller of this website is: MSP Capital Limited, a UK Private Limited Company with company number 01543169

Whose registered office is:

Strata House

12-14 Castle Street

Poole

Dorset

BH17 1BQ

The companies in the MSP Capital Group are MSP Capital Ltd, MSP Capital One Limited, MSP Capital Two Limited, MSP Capital Three Limited, MSP Capital Four Limited and MSP Capital Five Limited.

16. Changes to our Privacy Policy

This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this policy periodically for any policy changes.

Policy Updated: 10 June 2021