Your Personal Data: A Privacy Notice
Financial Claims Advisory Service Ltd (FCAS) will act as a ‘Data Controller’ of the personal data provided to us.
What we need
This data includes all basic information you have provided, including name (current and previous), address (current and previous), telephone number, email address, date of birth, etc. This also includes the details of any financial business you have identified as holding credit with, the credit type, and (provided either by you or said financial businesses) the details of those products.
If we are identify a financial products for which a complaint can be made for mis-selling, we will also need to obtain from you, and process some additional information, relating to your employment and medical-history.
If you consent for FCAS to send information about any future products we may offer, then we will retain your basic contact details, in order to get in touch with you.
Why we need this data
FCAS requires this data, firstly to verify your consent to act on your behalf as Claims Management Company and approach the financial businesses you have identified. Secondly, it is necessary in order to be able to locate and access the required historic financial data with said businesses. Finally, it forms the basis of the complaint(s) being made on your behalf for claiming redress, on your behalf.
This consent, ‘contractual obligation’ and ‘legitimate business interest’ form FCAS’s legal basis for processing your personal data.
What we will do with your data
The data you provide will be shared with the financial businesses you have identified as wishing to investigate. If necessary, it may also be provided to intermediary or regulatory bodies, such as The Financial Ombudsman Service or The Financial Services Compensation Scheme, if a mis-selling complaint cannot be resolved directly with said financial business.
All data processed by FCAS is done within our offices in the UK. However, we also utilise the services of Direct Data Capture Ltd (DDC Ltd), registered in the UK. In turn, DDC Ltd may use the services of International Data Conversion Solutions, Inc. (IDCSI) based in The Philippines. IDCSI will act on behalf of DDC Ltd, as a ‘sub-processor’. Data is only passed to DDC Ltd for the express use of processing for FCAS, and is not used, retained or sub-processed for any other purpose. DDC Ltd provides FCAS with details of their own Appropriate Safeguards, security and privacy procedures with regards to their relationship with IDCSI. This is bound by the Standard Contractual Clauses for Data Transfer outside of the European Economic Area (EEA), within their own written contracts.
What we would also like to do with it
We would however like to use your name and email address to inform you of our future offers and similar products. This information is not shared with third purposes and you can unsubscribe at any time via phone, email or our website. You can tick the box below; if this is something you would like to sign up to.
How long we will keep your data
FCAS is conscious to ensure that we respect our clients’ right to be ‘forgotten’, and to this end we aim to keep your data for no longer than necessary. Due to regulatory requirements, FCAS will keep the data of any client who we have entered into a process of re-claiming PPI, either for a period of six years from the completion of our contract, or at the point the business closes, whichever occurs first. Should the process not proceed, then data will be held for no longer than sixty days. After this point, your data will be removed or anonymised. Data held by DDC Ltd (or their sub-processors) shall be removed from their systems after sixty days from the completion of their processing.
If you consent for FCAS to send information about any future products we may offer, then we will retain your basic contact details, until such time as the business closes, or you request to have your information removed.
What are your rights?
If at any point you believe the information we process on you is incorrect you request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO) by contacting them on 0303 123 1113 or visiting https://ico.org.uk/.
Our Data Protection Officer is Edward Beesley and you can contact them at email@example.com.