Your personal information will be held securely by Chetwood Financial Limited, company number 09964966 of Ellice Way, Wrexham Technology Park, Wrexham, LL13 7YT. Chetwood Financial Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority, under registration number 740551.
Authorisation can be checked on the Financial Services Register at www.fca.org.uk. In this policy, we, us and our, refers to Chetwood Financial Limited (‘Chetwood’).
Chetwood are the data controller (this means an organisation who determines the purposes and manner in which any personal data is processed) of your information under data protection laws because, in the context of our business relationship with you, we decide how and why it is processed in the ways explained in this policy. We’re registered with the Information Commissioner's Office, in compliance with the Data Protection Act 1998, under registration ZA218401.
Chetwood as data controller and our Data Protection Officer can be contacted at the ”Contact Us” section on our website at any time, including if you have queries about this policy, or wish to exercise any of the rights mentioned in it.
You will see at the end of this policy that we mention the privacy policies of Credit Reference Agencies (CRAs) we use. We need to share these with you. Please read them carefully and contact those organisations if you have any questions (their details are in their policies).
We conduct some recruitment through intermediaries such as Recruitment Agencies.
We will generally collect your personal information from you directly. If you are introduced to us by an intermediary, we may obtain some personal information about you indirectly from them when they introduce you to us.
This will include information you provide, and any additional information provided by others in various ways, including: (a) in emails and secure website messages; and (b) information Chetwood receives from other organisations (for example, CRAs, recruitment agencies and Disclosure and Barring Service (DBS)). This can also be from information we gather from your use of, and interaction with, our internet services.
Some of the personal information obtained from CRAs will have originated from publicly accessible sources. CRAs draw on court decisions, bankruptcy registers and the electoral register (also known as the electoral roll). We explain more about CRAs below.
This will include:
Data protection laws require us to explain what legal grounds justify us using your personal information (this includes sharing it with other organisations). The laws refer to “processing” of information – a term which includes everything we do with your personal information from its collection, right through to its destruction or deletion when we no longer need it. For some processing, more than one legal ground may be relevant (except where we rely on a consent). Here are the legal grounds that are relevant to us:
As set out in the previous section, much of what we do with your personal information is not based on your consent, instead it is based on other legal grounds. For processing that is based on your consent (this is set out in point 4 of the previous section), you have the right to take back that consent for future processing at any time.
You can do this by contacting us through the “Contact Us” section on our website. If you do, you should tell us which of the relevant uses you want to withdraw your consent from. Withdrawal of your consent will not prevent us using your personal information where we are doing so on one or more of the other legal grounds.
We will tell the intermediary who introduced you to us that you have withdrawn your consent, only if they are our data processor (this means an organisation who is processing personal information on our behalf) or if we are required to do so when you exercise certain rights under data protection laws.
You should make sure to contact them directly to withdraw your consent for what they do with your personal information, as a data controller in their own right.
We’re based in the UK and will generally store it in the UK, but we may transfer your personal information abroad, which may involve a transfer to another country in the European Economic Area (EEA) or outside the EEA. If your information is processed within the EEA it is protected by European data protection standards. If your information is transferred outside the EEA, we’ll make sure that suitable safeguards are in place before we transfer the information. These safeguards may include contractual obligations imposed on the recipients of your information to protect it to the same standards required in the EEA and/or to require the recipient to subscribe to international frameworks intended to enable secure data sharing. You can find out more by contacting us through “Contact Us” on our website.
In order to process your application for employment, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). CRAs collect and maintain information about natural persons credit behaviour. This includes the Electoral Register, fraud and crime information, and credit information, including details of the conduct of your accounts, and public information such as County Court Judgements, decrees, and bankruptcies.
Where you have a business relationship with us we may also make periodic searches at CRAs to manage the relationship. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation, financial history and fraud prevention information.
We will use this information to:
You should tell us without delay so that we can update our records by getting in touch at “Contact Us” on our website. If you were introduced to us by an intermediary who have informed you they are a data controller in its own right (they will have given you a similar policy to this one), you should contact them separately. In some cases where you exercise rights against us under data protection laws (see below), we may need to inform the intermediary, but this will not always be the case.
You are unable to enter a business relationship with us without us having personal information about you. Your personal information is required before you can enter into the relevant contract with us, or it is required during the life of that contract, or it is required by laws that apply to us. In cases where providing some personal information is optional, we will make this clear.
In this section, where we refer to “monitoring” this means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, internal Chetwood assets and other communications.
We may monitor, where permitted by law, and we will do this where the law requires it. Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you and for quality control and training purposes.
When we search CRA files in assessing your application, the CRAs also give us other details and information from the Electoral Register to verify your identity. They keep a record of our application, whether or not your business relationship commences with us.
When you visit our website, our web servers automatically obtain your domain name, IP address and details about your device. These details reveal nothing personal about you. We use this information to investigate abuse of our website and its users, and to co-operate with law enforcement. We share this information with third parties, but only in aggregate.
Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this policy.
Unless we explain otherwise to you, we will hold your personal information for the following periods:
Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. For example, there may be legal reasons, such as the need to prevent fraud or crime, for us to comply with our regulatory requirements or to perform the contract with you, which limit when they can be exercised. If you wish to exercise any of them, we will explain at that time if they are engaged or not.
If you are not satisfied with any aspect of the way that we process your information or fulfil our obligations, you have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/
If you want to contact us to exercise these rights, select “Contact Us” on our website.
If you wish to exercise any of these rights against the CRAs, or an intermediary who is data controller in its own right, you should contact them directly.
We have mentioned that we share your personal information with Credit Reference Agencies. They require us to pass on to you, information about how they will use your personal information to perform their services or functions as a data controller in their own right. This notice is separate to our own. It is in the separate leaflet that can be found at;