- Cheshire Office
01829 730 554
- Scotland Office
0141 222 5785
Smart Money is committed to protecting and respecting your privacy.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC). The GDPR aims to harmonise data protection legislation across the European Union, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.
Intermediaries: Mortgage brokers, independent financial advisers and introducers
Website Users: any individual who accesses our website.
It does not apply to Smart Money staff and employees who will be issued with separate fair processing information.
For the purposes of the data protection legislation from time to time in force, Smart Money is the data controller and is responsible for your personal data.
What kind of information do we collect?
Your name and your firm contact details and the type of business you conduct.
How do we collect personal data?
We collect information about you when you register as an Introducer Intermediary with Smart Money by completing the registration form on our website (www.smartmoneyloans.co.uk) or by sending us your enquiry or by corresponding with our business development team by phone, e-mail or in person.
You may also provide us with your personal data when you use our website, subscribe to our services, , attend our events, participate in discussion boards or other social media functions on our site, which then redirects you to our website and if you report a problem with our website.
We may also receive personal data about you from other sources such as from third party sources, such as LinkedIn, your business card and personal recommendations. For example, if you 'like' our page on Facebook or 'follow' us on Twitter we will receive your personal information from those sites - they may share personal information about you with us.
What information do we collect about website users?
When you visit our website there is certain information that we may automatically collect, whether or not you decide to use our services. This includes your IP address, the date and the times and frequency with which you access the website and the way you browse its content.
How do we use your personal data and what is the legal basis for the processing?
We use your data as follows:
- Storing your details (and updating them when necessary) on our database, so that we can contact you in relation to our services.
- Sending your information to your Clients (with your prior consent) in order to assess their eligibility for finance.
- Carrying out our obligations arising from any contracts entered into between us.
- Facilitating our payroll and invoicing processes (when Smart Money is responsible for paying you). Verifying details you have provided, using third party resources or regulatory checks.
- Complying with our legal obligations in connection with the detection of crime or the collection of taxes or duties.
- Processing your data to enable us to send you targeted, relevant marketing materials or other communications which we think are likely to be of interest to you.
Our legal basis for the processing of personal data is our legitimate business interests, described in more detail below, although we will also rely on contract, legal obligation and consent for specific uses of data.
We will rely on contract if we are negotiating or have entered into an agreement with you or your organisation or any other contract to provide services to you or receive services from you or your organisation.
We will rely on legal obligation if we are legally required to hold information on to you to fulfil our legal obligations – including where you are applying for finance for your client.
We will in some circumstances rely on consent for particular uses of your data and you will be asked for your express consent, if legally required. Examples of when consent may be the lawful basis for processing include permission to introduce a client to a lender and in relation to sending third party marketing communications to you via email.
With respect to marketing - you have the right to opt out of receiving marketing from us at any time by contacting us on email@example.com. If you have previously engaged with us (for example submitting a loans enquiry) and we are marketing other related services we will take your consent as given unless or until you opt out (this is called soft opt-in consent).
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Our Legitimate Business Interests
Our legitimate interests in collecting and retaining your personal data are described below:
- We think that it is reasonable to expect that if you are looking for finance for your clients or have registered on our website - that you are happy for us to collect and otherwise use your personal data to offer or provide our services to you.
Should we want or need to rely on consent to lawfully process your data we will request your consent orally, by email or by an online process for the specific activity we require consent for and record your response on our system. Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time (as set out below).
Establishing or defending legal claims
- Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, special category personal data in connection with exercising or defending legal claims.
- This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us firstname.lastname@example.org. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Automated Decision Making or Profiling
We do not undertake automated decision making or profiling. We do use our computer systems to search and identify personal data in accordance with parameters set by a person. A person will always be involved in the decision making process.
Cookies are files that are recorded in temporary Internet folders on your PC. They're a useful tool as, by recording the way you use our site, they enable us to get to know you better. For example, we’re able to recognise you when you return to the site, identify your preferences so as to provide you with a more personalised service and speed up searches that you conduct when visiting.
Further Detail on Cookies
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different jobs, like letting you navigate between pages efficiently remembering your preferences, and generally improve your web site experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
We can split cookies into 4 main categories:
- Category 1: strictly necessary cookies
- Category 2: performance cookies
- Category 3: functionality cookies
- Category 4: targeting cookies or advertising cookies
Category 1 - Strictly necessary cookies: these cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like register for job alerts, cannot be provided.
Please be aware our site uses this type of cookie.
Category 2 - Performance cookies: these cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
By using our website and online services, you agree that we can place these types of cookies on your device.
Category 3 - Functionality cookies: these cookies allow the website to remember choices you make (such as your user name and password) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track your browsing activity on other websites.
By using our website and online services, you agree that we can place these types of cookies on your device.
Category 4 - targeting cookies or advertising cookies: these cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisations.
Disclosure of your information inside and outside of the EEA
We may share your personal information within our organisation in the EEA only and with selected third parties including:
- Clients, Lending Patners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you.
- Cloud based storage providers.
- Subcontractors including email marketing specialists, event organisers, payment and other financial service providers.
- Credit reference agencies, our insurance broker, compliance partners where this is a condition of us entering into a contract with you.
We will disclose your personal information to third parties:
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of service and other agreements; or to protect the rights, property, or safety of Smart Money. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where a third party processes your personal data – the lawful basis for the third-party processing will include:
- Satisfaction of their contractual obligations to us as our data processor.
- For the purpose of a contract in place or in contemplation.
- To fulfil their legal obligations.
We require all third parties to respect the security of personal data and to treat it in accordance with the law. We do not allow third-party service providers with whom we may work to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
It is important to be aware that unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. All information you provide to us is stored on our secure servers in the UK. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention of your data
We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and where you are happy for us to do so. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We may archive part or all of your personal data or retain it on our financial systems only, deleting all or part of it from our main Customer Relationship Manager (CRM) system. We may pseudonymise parts of your data, particularly following a request for suppression or deletion of your data, to ensure that we do not re-enter your personal data on to our database, unless requested to do so. For your information, Pseudonymised Data is created by taking identifying fields within a database and replacing them with artificial identifiers, or pseudonyms.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by sending an email to email@example.com.
Your legal rights
Under the GDPR you have the right to:
- Request access to your personal information which involves confirming with us whether we are processing your personal data and if we are, to request access to that personal data including the categories of personal data processed, the purpose of the processing and the recipients or categories of recipients. We do have to take into account the interests of others though, so this is not an absolute right.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. To stop receiving marketing communications from us or change your preferences please contact us firstname.lastname@example.org.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party in certain formats, if practicable.
- Withdraw consent to processing at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: www.ico.org.uk/concerns/
If you wish to exercise any of the rights set out above, please contact the DPR at email@example.com.
- You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
8 Portal Business Park
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so we encourage you to contact us in the first instance.