{"id":42,"date":"2025-08-31T07:02:42","date_gmt":"2025-08-31T07:02:42","guid":{"rendered":"https:\/\/clients.finsburymedia.com\/finance-house\/?page_id=42"},"modified":"2025-12-05T06:39:36","modified_gmt":"2025-12-05T06:39:36","slug":"data-protection-policy","status":"publish","type":"page","link":"https:\/\/clients.finsburymedia.com\/finance-house\/data-protection-policy\/","title":{"rendered":"Data Protection Policy"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Data Protection Policy<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

1. Introduction  <\/span><\/h2>\n

Finance House Ltd needs to gather and use certain information about individuals.<\/span><\/p>\n

This can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.<\/span><\/p>\n

This policy describes how this personal data must be collected, handled and stored to meet the company\u2019s data protection standards \u2014 and to comply with the law.<\/span><\/p>\n

2. Why this policy exists<\/span><\/h2>\n

This data protection policy ensuresFinance House Ltd.<\/span><\/p>\n

    \n
  • Complies with data protection law and follows good practice<\/span><\/li>\n
  • Protects the rights of all individuals\u2019 data<\/span><\/li>\n
  • Is open about how it stores and processes individuals\u2019 data in line with individuals\u2019 rights<\/span><\/li>\n
  • Protects itself from the risks of a data breach<\/span><\/li>\n<\/ul>\n

    3. Data protection law<\/span><\/h2>\n

    The General Data Protection Regulations describe how organisations \u2014 including Finance House Ltd must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically or otherwise.<\/span><\/p>\n

    To comply with the law, personal information must be;<\/span><\/p>\n

      \n
    • Processed lawfully, fairly and in a transparent manner in relation to individuals;<\/span><\/li>\n
    • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;<\/span><\/li>\n
    • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;<\/span><\/li>\n
    • Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;<\/span><\/li>\n
    • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;<\/span><\/li>\n
    • Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.<\/span><\/li>\n<\/ul>\n

      Record Keeping:<\/span><\/h3>\n

      A range of information must be detailed in our internal records of processing activities. Such areas include;<\/span><\/p>\n

        \n
      • Name and details of the organisation<\/span><\/li>\n
      • Include, if appropriate, details of other data controllers, the organisation\u2019s representative and data protection officer<\/span><\/li>\n
      • Purposes of processing the data<\/span><\/li>\n
      • Description of the categories of individuals and the categories of personal data<\/span><\/li>\n
      • Categories of the recipients of personal data<\/span><\/li>\n
      • Details of transfers of data to third parties or abroad, including details of safety mechanisms<\/span><\/li>\n
      • Retention schedules<\/span><\/li>\n
      • Technical and organisational security measures<\/span><\/li>\n<\/ul>\n

        Finance House Ltd ensures that records of these activities are kept and are updated accordingly. An individuals\u2019 personal data is kept retained for 6 years in line with the Financial Conduct Authorities record keeping rules or other legal reasons, such as Professional Indemnity Insurance. After which point, personal data is retracted to the point it is unidentifiable and used for statistical purposes only.<\/span><\/p>\n

        4. Lawful Basis for Processing Data<\/span><\/h2>\n

        Under GDPR, it is a requirement thatFinance House Ltd has a valid lawful basis to process personal data, this should be documented. Most lawful bases require that processing is \u2018necessary\u2019.<\/span><\/p>\n

        The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever Finance House Ltd process personal data:<\/span><\/p>\n

        Processing is lawful under GDPR as:<\/span><\/p>\n

          \n
        • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.<\/span><\/li>\n
        • Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.<\/span><\/li>\n
        • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).<\/span><\/li>\n
        • Vital interests: the processing is necessary to protect someone\u2019s life.<\/span><\/li>\n
        • Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.<\/span><\/li>\n
        • Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual\u2019s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)<\/span><\/li>\n<\/ul>\n

          Finance House Ltd has chosen this basis for processing data as it is requested from the individuals that we capture data before entering into a contract (e.g. provide a quote for finance).<\/span><\/p>\n

          Special categories of data may be captured by Finance House Ltd for example, information about an individual\u2019s:<\/span><\/p>\n

            \n
          • Trade union membership;<\/span><\/li>\n
          • Genetics;<\/span><\/li>\n
          • Biometrics (where used for ID purposes);<\/span><\/li>\n
          • Health<\/span><\/li>\n<\/ul>\n

            Where Finance House Ltd processes criminal conviction data or data about offences, a lawful basis for general processing and an additional condition for processing this type of data will be identified.<\/span><\/p>\n

             Finance House Ltd has identified both a lawful basis for general processing and an additional condition for processing this type of data.<\/p>\n

             A full detailed data processor map is available on request<\/p>\n

            5. Responsibilities<\/span><\/h2>\n

            Finance House Ltd acts as a data controller. All staff are responsible for ensuring that the highest data standards and best practices are met on a continual basis.<\/span> <\/p>\n

            Although a Data Protection Officer (DPO) has not been appointed as Finance House Ltd does not fall within the scope, the Board\/Director are accountable and responsible for compliance with GDPR and will take on the tasks appointed to them as if they were a DPO.<\/span><\/p>\n

            6. Data Protection Impact Assessments (DPIA)<\/span><\/h2>\n

            Finance House Ltd has a general obligation to implement technical and organisational measures to demonstrate that data protection is integrated into our processing activities. A Data Protection Impact Assessment is conducted each time Finance House Ltd consider implementing using new technologies<\/span><\/p>\n

             The DPIA will pertain at least; <\/p>\n

              \n
            • A description of the processing operations and the purposes, including, where applicable, the legitimate interests pursued by the controller;<\/span><\/li>\n
            • An assessment of the necessity and proportionality of the processing in relation to the purpose;<\/span><\/li>\n
            • An assessment of the risks to individuals;<\/span><\/li>\n
            • The measures in place to address risk, including security and to demonstrate that you comply.<\/span><\/li>\n<\/ul>\n

              7. Individuals Rights<\/span><\/h2>\n

              7.1 Individuals now have more rights under GDPR, these are;<\/span><\/h3>\n
                \n
              • The Right to be Informed<\/span><\/li>\n
              • The Right of Access<\/span><\/li>\n
              • The Right to Rectification<\/span><\/li>\n
              • The Right to Erasure<\/span><\/li>\n
              • The Right to Restrict Processing<\/span><\/li>\n
              • The Right to Data Portability<\/span><\/li>\n
              • The Right to Object<\/span><\/li>\n
              • Rights in relation to automated decision making and profiling.<\/span><\/li>\n<\/ul>\n

                Finance House Ltd provide every customer with a Privacy Notice at the point data is captured. <\/p>\n

                The information supplied in this notice demonstrates how Finance House Ltd is transparent over our data processing. The notice is;<\/span> <\/p>\n

                  \n
                • Concise, transparent, intelligible and easily accessible;<\/span><\/li>\n
                • Written in clear and plain language, particularly if addressed to a child; and free of charge.<\/span><\/li>\n<\/ul>\n

                  We include details of (but not limited to);<\/span> <\/p>\n

                    \n
                  • The Data Controller, the lawful reason for processing data, if any third parties have legitimate interests, categories of personal data, categories of recipients such as banks and credit unions, the data retention periods,<\/span><\/li>\n
                  • The individuals\u2019 rights; including the right to withdraw, where the individual can complain about how the data is processed with a supervisory authority, source of data when it comes from a third party and where personal data is part of a contractual requirement or obligation.<\/span><\/li>\n<\/ul>\n

                    7.2 Rectification<\/span> <\/span><\/h3>\n

                    Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If Finance House Ltd has disclosed the personal data in question to third parties, then we will inform them of the rectification where possible.<\/span> <\/p>\n

                    Finance House Ltd will respond to this request within one month or extended by two months where the request for rectification is complex.<\/span><\/p>\n

                    7.3 Erasure<\/span> <\/span><\/h3>\n

                    Individuals have a right to have personal data erased and to prevent processing in specific circumstances;<\/span> <\/p>\n

                      \n
                    • Where the personal data is no longer necessary in relation to the purpose for which it was originally collected\/processed.<\/span><\/li>\n
                    • When the individual withdraws consent.<\/span><\/li>\n
                    • When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.<\/span><\/li>\n
                    • The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).<\/span><\/li>\n
                    • The personal data must be erased to comply with a legal obligation.<\/span><\/li>\n
                    • The personal data is processed in relation to the offer of information society services to a child.<\/span><\/li>\n
                    • Under the GDPR, this right is not limited to processing that causes unwarranted and substantial damage or distress. However, if the processing does cause damage or distress, this is likely to make the case for erasure stronger.<\/span><\/li>\n<\/ul>\n

                      Finance House Ltd may refuse to comply with a request for erasure where the personal data is processed for the following reasons;<\/span> <\/p>\n

                        \n
                      • To exercise the right of freedom of expression and information;<\/span><\/li>\n
                      • To comply with a legal obligation for the performance of a public interest task or exercise of official authority.<\/span><\/li>\n
                      • For public health purposes in the public interest;<\/span><\/li>\n
                      • Archiving purposes in the public interest, scientific research historical research or statistical purposes; or<\/span><\/li>\n
                      • The exercise or defence of legal claims.<\/span><\/li>\n<\/ul>\n

                         If Finance House Ltd has disclosed the personal data in question to third parties, a notification will be sent, informing them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so.<\/p>\n

                        7.4 Restrict processing<\/span> <\/span><\/h3>\n

                        Finance House Ltd will restrict the processing of personal data in the following circumstances;<\/span> <\/p>\n

                          \n
                        • Where an individual contests the accuracy of the personal data, you should restrict the processing until you have verified the accuracy of the personal data.<\/span><\/li>\n
                        • Where an individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and you are considering whether your organisation\u2019s legitimate grounds override those of the individual.<\/span><\/li>\n
                        • When processing is unlawful, and the individual opposes erasure and requests restriction instead.<\/span><\/li>\n
                        • If you no longer need the personal data but the individual requires the data to establish, exercise or defend a legal claim.<\/span><\/li>\n<\/ul>\n

                          If any data has been disclosed to third parties,Finance House Ltd will notify them about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so.<\/span><\/p>\n

                          7.5 Portability<\/span><\/h3>\n

                          For personal data an individual has provided to a controller; where the processing is based on the individual\u2019s consent or for the performance of a contract; and when processing is carried out by automated means, Finance House Ltd must provide the personal data in a structured, commonly used and machine-readable form. Open formats include CSV files. Machine readable means that the information is structured so that software can extract specific elements of the data. This enables other organisations to use the data.<\/span><\/p>\n

                          Finance House Ltd must provide this service free of charge.<\/p>\n

                           If the individual requests it, we may be required to transmit the data directly to another organisation if this is technically feasible. Finance House Ltd will respond without undue delay, and within one month or extended by two months where the request is complex or receive many requests.<\/p>\n

                          7.6 Objecting<\/span> <\/span><\/h3>\n

                          If an individual has objected to processing data or direct marketing, Finance House Ltd will cease to process the data.<\/span> <\/p>\n

                          Individuals must have an objection on \u201cgrounds relating to his or her particular situation\u201d. Finance House Ltd will stop processing the personal data unless;<\/span> <\/p>\n

                            \n
                          • Compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or<\/span><\/li>\n
                          • The processing is for the establishment, exercise or defence of legal claims.<\/span><\/li>\n<\/ul>\n

                            This is brought to the attention of the data subject at the first point of communication and in our privacy notice. This is separated out from any other information.<\/span><\/p>\n

                            7.7 Direct Marketing Purposes<\/span> <\/span><\/h3>\n

                            As soon as an objection is received, Finance House Ltd will stop processing personal data for direct marketing purposes. This will be actioned at any stage and is free of charge.<\/span> <\/p>\n

                            Finance House Ltd offer an online presence, www.financehousecommercial.com; we offer a way for individuals to object online.<\/span><\/p>\n

                            7.8 Automated decision-making including profiling<\/span> <\/span><\/h3>\n

                            Finance House Ltd understand that any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person, or to analyse, or predict that person\u2019s performance at work, economic situation, location, health, personal preferences, reliability, or behaviour falls under this right.Where this is conducted, the rules and guidance of the ICO will be adhered to and followed.<\/span><\/p>\n

                            8. Subject Access Requests (SAR)<\/span> <\/span><\/h2>\n

                            Individuals who are the subject of personal data held by Finance House Ltd are entitled to;<\/span> <\/p>\n

                              \n
                            • Confirmation that their data is being processed<\/span><\/li>\n
                            • Access to their personal data; and<\/span><\/li>\n
                            • Other supplementary information \u2013 this largely corresponds to the information that should be provided in a privacy notice<\/span> <\/li>\n<\/ul>\n

                              When Individuals contact Finance House Ltd requesting this information, this is called a Subject Access Request.<\/span> <\/p>\n

                              Finance House Ltd will provide a copy of the information free of charge. However, a \u2018reasonable fee\u2019 may be charged when a request is manifestly unfounded or excessive, particularly if it is repetitive.<\/span> <\/p>\n

                              A reasonable fee may also be charged to comply with requests for further copies of the same information. The fee is based on the administrative cost of providing the information only.<\/span> <\/p>\n

                              Once the identity of the person making the request has been verified, the information will be provided within 1 month, this will be extended to 2 months if the request is complex. Notification will be made to the individual if this is the case.<\/span><\/p>\n

                              9. Complaints<\/span><\/h2>\n

                              It is made clear that data subjects who wish to complain about how their personal data has been processed can raise this with Finance House Ltd complaints procedure. If the data subject is still not happy, then the complaint can be referred to the Information Commissioners Office. Finance House Ltd will advise all individuals of this right.<\/span><\/p>\n

                              10. Data Security and Storage<\/span><\/h2>\n

                              When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see or have access to it.These guidelines also apply to data that is usually stored electronically but has been printed out for some reason;<\/span> <\/p>\n

                                \n
                              • When not required, the paper or files should be kept in a locked drawer or filing cabinet.<\/span><\/li>\n
                              • Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer;<\/span><\/li>\n
                              • Data printouts should be shredded and disposed of securely when no longer required.<\/span><\/span>\n

                                <\/p>\n<\/li>\n<\/ul>\n

                                 When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts;<\/p>\n

                                 Data should be protected by strong passwords or encryption products;<\/span><\/p>\n

                                  \n
                                • If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used;<\/span><\/li>\n
                                • Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing services;<\/span><\/li>\n
                                • Servers containing personal data should be sited in a secure location, away from general office space;<\/span><\/li>\n
                                • Data should be backed up frequently. Those backups should be tested regularly, in line with the company\u2019s standard backup procedures;<\/span><\/li>\n
                                • Data should never be saved directly to laptops or other mobile devices like tablets or smart phones;<\/span><\/li>\n
                                • All servers and computers containing data should be protected by approved security software and a firewall.<\/span><\/li>\n<\/ul>\n

                                  The point that personal data is accessed is when it can be at greatest risk of loss, corruption, theft, unlawful access, Finance House Ltd will;<\/span> <\/p>\n

                                    \n
                                  • When working with personal data, employees should ensure the screens of their computers are always locked when left unattended;<\/span><\/li>\n
                                  • Personal data should not be shared informally. It should never be sent by email, as this form of communication is not secure.<\/span><\/li>\n
                                  • Data must be encrypted before being transferred electronically.<\/span><\/li>\n
                                  • Personal data should never be transferred outside of the European Economic Area unless contractual arrangements are in place highlighting adequate safeguards and protection to the rights of individuals.<\/span><\/li>\n
                                  • Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.<\/span><\/li>\n<\/ul>\n

                                    11. Consumer Duty<\/span><\/h2>\n

                                    The Financial Conduct Authority (FCA) introduced the Consumer Duty as the 12th Principle of Business stating, \u2018a firm must act to deliver good outcomes for retail customers.\u2019 The Duty came into effect for new and existing regulated products or services from the 31st of July 2023 and will come into effect for closed book products on the 31st of July 2023.<\/span> <\/p>\n

                                    The new Duty comprises of:<\/span> <\/p>\n

                                    Three cross-cutting rules:<\/span> <\/p>\n

                                      \n
                                    • To act in good faith towards retail customers<\/span><\/li>\n
                                    • Avoid foreseeable harm to retail customers<\/span><\/li>\n
                                    • Enable and support retail customers to pursue their financial objectives<\/span> <\/li>\n<\/ul>\n

                                      And<\/span> <\/p>\n

                                      Four consumer outcomes:<\/span> <\/p>\n

                                        \n
                                      • Price and Value<\/span><\/li>
                                      • Products and Services<\/span><\/li>\n
                                      • Consumer Understanding<\/span><\/li>\n
                                      • Consumer Support<\/span> <\/li>\n<\/ul>\n

                                        The Duty is intended to improve outcomes for all customers, and the FCA expect continuous monitoring of products, services, and relationships to identify where distinct groups of customers, such as customers with characteristics of vulnerability or customers who share protected characteristics (as defined by the Equality Act 2010 or equivalent legislation) get worse outcomes than other customers.<\/span><\/p>\n

                                         With the requirement to monitor outcomes for retail customers, it is likely Finance House Ltd will be further processing personal data to achieve this. Finance House Ltd understands that the Consumer Duty does not replace other requirements such as those set out within GDPR UK and the DPA 2018. Finance House Ltd have systems and controls in place to identify and support customers who display characteristics of vulnerability. Where a customer shares information that is considered \u2018Special Category Data\u2019 Finance House Ltd will always seek explicit consent from the data subject to process such information. For more information on how Finance House Ltd identifies and supports vulnerable customers please visit our Vulnerable Customer Policy.<\/p>\n

                                         Finance House Ltd understands that with the introduction of the Consumer Duty, it is likely the level of communications issued by the business will increase. This will be necessary to support customers to understand the products and services offered by the business and to provide support to customers throughout the lifecycle of the relationship. The ICO in conjunction with the FCA have created further guidance for firms in relation to direct marketing and regulatory communications. PRIN 2A.5 within the FCA Handbook also sets out expectations on consumer understanding within electronic communications and the distribution of financial promotions.<\/p>\n

                                         Finance House Ltd does use cookies to track and test  customer engagement and actions throughout the customer journey or customer communications. Finance House Limited understands that under the Privacy and Electronic Communications Regulation (PECR) opt-in consent is required when using these types of cookies.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

                                        Data Protection Policy 1. Introduction   Finance House Ltd needs to gather and use certain information about individuals. This can include […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-42","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/clients.finsburymedia.com\/finance-house\/wp-json\/wp\/v2\/pages\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/clients.finsburymedia.com\/finance-house\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/clients.finsburymedia.com\/finance-house\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/clients.finsburymedia.com\/finance-house\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/clients.finsburymedia.com\/finance-house\/wp-json\/wp\/v2\/comments?post=42"}],"version-history":[{"count":10,"href":"https:\/\/clients.finsburymedia.com\/finance-house\/wp-json\/wp\/v2\/pages\/42\/revisions"}],"predecessor-version":[{"id":2102,"href":"https:\/\/clients.finsburymedia.com\/finance-house\/wp-json\/wp\/v2\/pages\/42\/revisions\/2102"}],"wp:attachment":[{"href":"https:\/\/clients.finsburymedia.com\/finance-house\/wp-json\/wp\/v2\/media?parent=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}