Turner Finance Ltd Logo

Privacy

Privacy notice

Turner (Finance) Limited (the "Company" “we”)

What is a privacy notice?

We want to ensure that individuals (“you”) understand what information we have about you, how we will use it and what we will use it for.

We are a "data controller" which means that we are responsible for deciding how we hold and use certain personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

This Privacy Notice is dated 14/09/2018

Changes to this Privacy Notice

We may update this Privacy Notice in line with changes to how we process personal data. We will publish any new version of the Privacy Notice on our website.

Data Protection Legislation

On 25th May 2018 Regulation 2016/678 of the European Union on the protection of personal data (GDPR) came into force and the Data Protection Act (DPA) was amended by the Data Protection Act 2004 (Amendment Regulations) 2018 incorporating the requirements under the GDPR.

Data Protection Principles

We will ensure that the personal information we hold about you is:

  • used lawfully, fairly and in a transparent way.
  • collected only for specified and legitimate purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • adequate, relevant and limited to what is necessary in relation to the purposes we have told you about.
  • accurate and kept up to date.
  • not kept in a form which permits your identification for longer than necessary and kept only as long as necessary for the purposes we have told you about.
  • kept securely.

What information about you will we use?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

The types of personal data that we will collect, store and use about you may include:

  • name (including where relevant) maiden name and contact information such as your home and/or business address, email address and telephone number and emergency contact details;
  • identity and biographical information including your nationality gender, date of birth, marital status and dependants, tax status and information, passport / national identity card details and country of domicile, your employment and employment history, job title and role, educational profile, interests and other information relevant to our provision of professional services;
  • information in relation to your financial situation such as income, expenditure, assets, liabilities, sources of wealth, as well as your bank account details, information relating to any previous loans you may have obtained and other information necessary for processing payments and for fraud prevention purposes.

Special Categories of Personal Data

There are also "special categories" of more sensitive personal data which we may also collect, process and store.

These special categories may include your race or ethnicity, religious beliefs, sexual orientation, trade union membership, political opinions and information relating to criminal convictions and offences. These special categories of personal data require a higher level of protection and we will ensure that this is achieved.

How is your personal information collected?

Most of the information we collect is obtained from you. You may, for example, provide us with personal information when you initially request us to provide our services and otherwise during the normal course of providing our services.

You may also provide us with personal information when completing our “Application for Credit Facilities” form or our “Proposed Guarantor Data Sheet” or responding to our KYC (“know your customer”) requirements.

You provide us with personal information when you:

  • get in touch with us via our website;
  • email our general enquiries address;
  • directly interact with us personally (or via email);
  • provide us with documentation we may require for compliance with our “know your customer” obligations;
  • complete any forms which we may require in order to assist us with our compliance with our “know your customer” obligations, determining whether to grant an individual a facility or to comply with our obligations under any facility that we enter into.

We may receive personal data about you from public registries and from various third parties.

We may also collect personal information about you from you or sometimes from persons or entities authorised by you to provide us with information.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Our Basis for processing

How and why will we use your personal information?

We may process your personal data for the following purposes;

  • providing a proposal to you in relation to the services we offer;
  • assessing the terms of any facility that is made in your favour (including the carrying out of background checks);
  • perform the contract we have entered into with you;
  • providing our services to you;
  • managing our relationship with you (including billing and financial management), for record-keeping purposes and more generally for our proper and efficient operation;
  • dealing with any complaints or feedback you may have;
  • monitoring and improving the performance and effectiveness of our services, including by training our staff;
  • any other purpose for which you provide us with your personal data;
  • seeking advice on our rights and obligations, such as where we require our own legal advice, and to exercise and defend our legal rights;
  • compliance with our legal and regulatory obligations, such as anti-money laundering laws (which may include the carrying out of background checks and retention of a record of such checks), data protection laws and tax reporting requirements, and / or to assist with investigations by police and / or other competent authorities (e.g. the Gibraltar Financial Services Commission) (where such investigation complies with relevant law) and, where necessary, to comply with Court orders;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • to protect your interests;
  • (on rare occasions) where it is needed in the public interest.

We may process your personal data for any of the purposes set out above where one (or more) of the following lawful processing grounds applies:

  • it is necessary to perform a contract with you;
  • to take the necessary steps before entering into a contract with you;
  • it is necessary for us to comply with our legal obligations;
  • it is necessary for our legitimate interests (including the operation of our business, and the provision of professional services) or those of any client or relevant third party, unless those legitimate interests are overridden by your interests or fundamental rights or freedoms; and/or
  • you have consented to the processing in question.

The situations in which we will commonly use your personal information include:

  • provide services to you under the loan agreement we have entered into with you;
  • liaising with regulators (like the Gibraltar Financial Services Commission);
  • liaising with third party service providers (where relevant);
  • liaising with other legal advisors in respect of the services being provided to you by us.

Who else might your personal information be shared with?

We may have to share your data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

Such third parties include third-party service providers including (but not limited to), for example, debt collection agencies for more information about which specific agencies and/or service providers we have provided your personal information to, please contact us.

We require third parties to respect the security of your data and to treat it in accordance with the law.

We may transfer your personal information outside the EEA. If we do, you can expect a similar degree of protection in respect of your personal information.

For how long will your personal information be kept?

We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected.

We may keep your personal data for longer where we are required to do so by law, or it is necessary to establish make or defend a legal claim or an applicable code of conduct permits or requires us to retain the data for longer.

In most cases we will keep your personal data for 7 years following the satisfaction of any repayments owed to us or the end of the loan agreement.

In circumstances where we have rejected an individual’s application for a facility agreement, we will immediately delete, destroy or (if requested) return to the relevant individual, copies of any personal information which has provided to us for the purposes of determining the application.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and the likelihood of a legal claim.

How will your personal information be kept safe?

We take the security of your personal information very seriously and we have put in place internal controls and security measures to protect it.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. Personal data will only be transferred to a data processor if he agrees to comply with those measures, or if he puts in place adequate measures himself.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

What are your rights in relation to your personal information?

You have certain rights in relation to your personal data as summarised here:

  • Right to be informed – you have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights; this is why we are providing you with the information in this privacy notice;
  • Right to withdraw consent – where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time;
  • Right of access – you can request access to your personal data by contacting us;
    Correcting your information – where we hold information about you that is inaccurate or incomplete, you have the right to ask us to rectify, or complete it;
  • Erasing your information – in certain circumstances you may require us to erase and/or destroy the information;
  • Right to restrict processing – in certain circumstances you have the right to restrict some processing of your personal information, which means that you can ask us to limit what we do with it;
  • Right to object to processing – you can object to us processing your personal information in certain circumstances, including where we are using it for the purpose of the Company’s legitimate business interests as set out above;
  • Right to data portability – you have the right to obtain from us and re-use your personal data for your own purposes. This only applies, however, where the processing is carried out by automated means, to personal data that you have provided to us yourself (not any other information) and where the processing is based on your consent or for the performance of a contract;
  • Right to complain - you are able to submit a complaint to the Regulator about any matter concerning your personal information, using the details below. However, we take our obligations seriously, so if you have any questions or concerns, we would encourage you to raise them with us first, so that we can try to resolve them.

Subject Access Requests

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request in circumstances where your request is clearly unfounded, repetitive or excessive.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests as soon as reasonably practicable and, in any event, within 30 days of receipt of the request except in cases of complex or multiple requests.

The Regulator

You have the right to make a complaint at any time to the Gibraltar Regulatory Authority (the “GRA”), the supervisory authority for data protection issues in Gibraltar. We would, however, appreciate the chance to deal with your concerns before you approach the GRA so please contact us in the first instance

Gibraltar Regulatory Authority
2nd floor
Eurotowers 4
1 Europort Road
Gibraltar
GX11 1AA
Tel: (+350) 200 74636
Email:info@gra.gi

Contact information

If you have any questions about anything in this privacy notice, please do not hesitate to contact us. Our contact details are:

Turner (Finance) Limited
65-67 Irish Town
Gibraltar
Tel: (+350) 200 75968
Email: finance@turner.gi