We treat data protection and the maintenance of your personal data with the utmost importance.
1.1. Who are we
At Scroll Finance Limited (“we”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other mandatory laws and regulations of the United Kingdom.
• Customers, prospective customers and, where applicable, employees of our customers
• Suppliers and employees of our suppliers
• Business contacts
• Third parties, such as property and building trade professionals, mortgage brokers, debt advisors, solicitors and insolvency practitioners
• Visitors to our website;
• Users of our mobile application(s) and
• Any other people that we have a relationship with or may need to contact.
1.2. Who is Your Data Controller
Scroll Finance Limited is your Data Controller and responsible for your Personal Data. If you have any inquiries about your data, please contact our Data Protection Officer using either an email at firstname.lastname@example.org using the subject “privacy” or send in a letter to 102 Central Boulevard, Blythe Valley Business Park, Solihull B90 8AG.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
2. LEGAL BASIS FOR DATA COLLECTION
“Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together below. Not all of the following types of data will necessarily be collected from you, nor are the examples exhaustive, but this is the full scope of data that we collect and when we collect it from you:
• Profile Data: This is data such as your first name, last name, gender, date of birth etc.
• Business Data: This is data such as the legal name of your business, trading names, names of shareholders and directors etc.
• Financial: This is data relating to your banking information.
• Employment Data: This is data relating to your employer and job title.
• Contact Data: This is data relating to your home and mobile phone numbers, addresses, email addresses, as well as correspondence that is exchanged between us. This includes post, telephone calls (which may be recorded for the purpose of security and training), automated voice message, SMS text message, digital messaging application or email.
• Advertising preferences: This is data relating to the way we might advertise to you such as product and services purchased and interaction with online advertisements etc.
• Property Data: This is data relating to the mortgaged property and/ or to the property subject to potential development.
• Trade professional services: This is data relating to any property development related work that you tell us about, any documentation that you share about this and the correspondence and / or feedback that you enter into with any matched or potentially matched, trade professionals
• Requested Loan Details: This is data relating to the loan you have requested.
• Characteristic Data: This is data in relation to characteristics that are used to categorize certain risks.
• Website and Mobile Application Data: This is data relating to your use of this website and mobile application including IP address, operating system, browser type and settings.
• Marketing and Communications Data: This is your preference in receiving marketing information and other information from us.
• Criminal Offences Data: Confirmation that you do not have any prior criminal convictions or offences.
Special Categories of Personal Data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. Some of the Personal Data we collect about you or which you provide to us may be special categories of data.
2.2. How We Obtain Your Personal Data
You may provide us with your Personal Data. We also receive information about you from third parties including mortgage brokers; trade professionals; our suppliers, contractors and consultants; fraud prevention agencies; public websites and public agencies.
You may give us Personal Data about yourself by using the online forms provided on our website and in our mobile application, setting up an account with us, using bulletin boards or forums on our website, or by contacting us by phone, email or other means. This includes, for example, where you provide your Personal Data to us in order to receive products, deliveries, information or services from us. If you are a supplier, you may also give us Personal Data about you when you are offering or providing services to us.
2.3. The Legal Basis for Collecting That Data
There are a number of justifiable reasons under the GDPR that allow collection and processing of Personal Data. The main avenues we rely on are:
• “Contractual Obligations”: We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.
• “Legal Compliance”: We’re required by law to collect and process certain types of data, such as fraudulent activity or other illegal actions.
• “Legitimate Interest”: We might need to collect certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address, so that we know where to deliver something to, or your name, so that we have a record of who to contact moving forwards. Our legitimate interests also include running, growing and developing our business; operating our website and app; carrying out marketing, market research and business development; and for internal group administrative purposes.
• “Consent”: Certain situations allow us to collect your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service. We may use your special categories of data where you have provided your consent. If we rely on your consent for us to use your Personal Data in a particular way, but you later change your mind, you may withdraw your consent by contacting us at email@example.com and we will stop doing so.However, if you withdraw your consent, this may impact the ability for us to be able to provide our financial services to you (for example, if those services require use of your special categories of data such as health information).
3. HOW WE USE YOUR PERSONAL DATA
3.1. Our Uses
We will only use your Personal Data when the law allows us to. We will never process your data without a legal basis for doing so and it is for a related purpose. We use your Personal Data in order to:
• assess your eligibility for and, where applicable, provide you with our financial services as part of an existing or prospective contract with you and our mobile app which helps you manage our services
• provide property analytic services and property valuations
• match you and your potential projects with appropriate trade professionals
• deal with any enquiries or issues you have about our products and services that you request from us
• send you certain communications about our products and services such as administrative messages (for example, setting out changes to our terms and conditions and keeping you informed about our fees and charges)
• carry out statistical analysis and market research on people who may be interested in our products and services; and
• if it is in our legitimate interests for business development and marketing purposes, contact you (including by email, phone, post, SMS, automated voice messaging, and digital messaging) with information about our products and services or the products and services of our suppliers which either you request, or which we feel will be of interest to you; and
• if you are a sole trader or a non-limited liability partnership and if you have consented, contact you by email with information about our products and services or the products and services of our suppliers which either you request, or which we feel will be of interest to you.
For further inquiries please contact us.
3.2. Marketing and Content Updates
You will receive marketing and new content communications from us if you have chosen to opt into receiving those communications. From time to time we may make suggestions and recommendations to you about goods or services that may be of interest to you.
3.3. Change of Purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. AUTOMATED DECISION-MAKING AND PROFILING
In relation to our customers and potential customers, we use systems to make automated decisions (including profiling) based on the Personal Data you have given us or that we have received from third parties. This involves working with credit reference agencies and fraud prevention agencies, whose software tools we use to assist us in making lending decisions efficiently and accurately.
With regard to the use of automated decision-making, you have the right to request human intervention; express your point of view; and to contest any decision made.
5. YOUR RIGHTS AND HOW YOU ARE PROTECTED BY US
5.1. How Does Scroll Finance Limited Protect Customers' Personal Data?
We are concerned with keeping your data secure and protecting it from inappropriate disclosure. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. If and when we use subcontractors to store your data, we will not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession. However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under the control of Scroll Finance Limited to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us.
5.2. Your Rights in Relation to Your Personal Data
You have certain rights in relation to your Personal Data. If you would like further information in relation to these or would like to exercise any of them, please contact us via email at firstname.lastname@example.org at any time.
You have the following rights:
5.2.1.Right of access. You have a right of access to any Personal Data we hold about you. You can ask us for a copy of your Personal Data; confirmation as to whether your Personal Data is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the United Kingdom or the European Economic Area ("EEA").
5.2.2.Right to update your information. You have a right to request an update to any of your Personal Data which is out of date or incorrect.
5.2.3.Right to delete your Personal Data. You have a right to ask us to delete any Personal Data which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by emailing us at email@example.com.
We will pass your request onto other recipients of your Personal Data unless that is impossible or involves disproportionate effort. You can ask us who the recipients areby emailing us at firstname.lastname@example.org.
5.2.4.Right to restrict use of your Personal Data. You have a right to ask us to restrict the way that we process your Personal Data in certain specific circumstances. You can ask us for further information on these specific circumstances by emailing us at email@example.com.We will pass your request onto other recipients of your Personal Data unless that is impossible or involves disproportionate effort. You can ask us who the recipients are emailing us at firstname.lastname@example.org.
5.2.5.Right to stop marketing. Please see "Opting Out of Marketing Promotions" below.
5.2.6.Right to data portability. You have a right to ask us to provide your Personal Data to a third party provider of services. This right only applies where we use your Personal Data on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.
5.2.7.Right to object. You have a right to ask us to consider any valid objections which you have to our use of your Personal Data where we process your Personal Data on the basis of our or another person's legitimate interest.
5.3. Opting Out Of Marketing Promotions
You can ask us to stop sending you marketing messages at any time by following the unsubscribe instructions in each marketing message.
Where you opt out of receiving these marketing messages, we will continue to retain other Personal Data provided to us as a result of interactions with us not related to your marketing preferences.
5.4. How to Request your Data and the Process for Obtaining it
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, if your request is clearly unfounded, we could refuse to comply with your request. We may need to request specific information from you to help us confirm your identity and ensure you have the right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
6. YOUR DATA AND THIRD PARTIES
6.1. Sharing Your Data With Third Parties
We may share your Personal Data with the following third parties:
6.1.3.Credit reference agencies (CRA) and fraud prevention agencies in order to conductcredit and fraud searches and to verify your identity. We need to carry out this type of processing for our legitimate interests (i.e. the prevention of fraud and money laundering) and compliance with our legal obligations. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations.
6.1.4.For the purposes of providing our services, other third party service providers, such as payment service providers, identity verification service providers and conveyancing service providers.
6.1.5.Third parties in connection with collections and recoveries, such as debt collection agencies, tracing providers, field agents and asset managers.
6.1.6. Trade professionals such as building contractors, installers, architects and other related members of the building and property refurbishment trades.
6.2. Third-Party Links
6.3. Credit Reference Agencies (CRA)
In order to process your application, we will perform credit and identity checks on you with one or more CRAs. We may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your Personal Data to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
• Assess your creditworthiness and whether you can afford to take the product
• Verify the accuracy of the data you have provided to us
• Manage your account(s)
• Trace and recover debts; and
• Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRA, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share Personal Data, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA information notice (CRAIN) at: Credit Reference Agency Information Notice (CRAIN) | Experian
6.4. Prevention of Fraud and Money Laundering
The Personal Data we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting Cifas at Fair Processing Notices for Cifas
7. HOW LONG WILL WE RETAIN YOUR DATA FOR?
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. The length of time for which we retain Personal Data depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. We may retain your Personal Data for a longer period than usual in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
8. AGE LIMIT FOR OUR USERS
You must not use Scroll Finance Limited unless you are aged 18 or older. If you are under 18 and you access Scroll Finance Limited by lying about your age, you must immediately stop using Scroll Finance Limited.
This website is not intended for children and we do not knowingly collect data relating to children.
9. INTERNATIONAL TRANSFER OF DATA
Your information may be stored and processed in the UK or other countries or jurisdictions outside the UK where Scroll Finance Limited has facilities or suppliers.
These measures may include the following:
• ensuring that there is an adequacy decision by the UK Government in the case of transfers out of the UK, or by the European Commission in the case of transfers out of the EEA, which means that the recipient country is deemed to provide adequate protection for such personal data; or
• where we have in place standard model contractual arrangements with the recipient which have been approved by the European Commission (or the UK Government for transfers out of the UK in due course). These model contractual clauses include certain safeguards to protect the personal data;
Further details on the steps we take to protect your Personal Data, in these cases is available from us on request by emailing email@example.com at any time.
10. NOTIFICATION OF CHANGES AND ACCEPTANCE OF POLICY
All uses of the word “including” mean “including but not limited to” and the enumerated examples are not intended to in any way limit the term which they serve to illustrate. Any email addresses set out in this policy may be used solely for the purpose for which they are stated to be provided, and any unrelated correspondence will be ignored. Unless otherwise required by law, we reserve the right to not respond to emails, even if they relate to a legitimate subject matter for which we have provided an email address. As a matter of common sense, you are more likely to get a reply if your request or question is polite, reasonable and there is no relatively obvious other way to deal with or answer your concern or question (e.g. FAQs, other areas of our website etc.).
Generally our staff are not authorised to contract on behalf of Scroll Finance Limited, waive rights or make representations (whether contractual or otherwise). If anything contained in an email from a Scroll Finance Limited address contradicts anything in this policy, our terms or any official public announcement on our website, or is inconsistent with or amounts to a waiver of any Scroll Finance Limited rights, the email content will be read down to grant precedence to the latter. The only exception to this is genuine correspondence expressed to be from the directors of Scroll Finance Limited (or on their behalf).
12. EMAIL DISCLAIMER
Information contained in emails sent by us is confidential and is intended for the addressee(s) only. If you are not the intended recipient of the e-mail, please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of themessage is strictly forbidden. We will not be liable for direct, special, indirect or consequential damages as a result of any virus being passed on, or arising from alteration of the contents of the message by a third party.