REIM Capital’s Privacy Notice
LAST UPDATED: 3rd November 2022
“REIM Capital”, “we”, “us” and “our” means REIM Capital Limited and our Affiliates, and we are committed to respecting your privacy.
We are registered in the UK and our registered address is at 11 Manchester Square, London, W1U 3PW and our company registration number is 11996979.
“Affiliates” means, in respect of any person, any other person controlling, controlled by or under the common control of that person. Please note that an investment fund shall be deemed to be controlled by (and be an Affiliate of) its investment adviser.
About this Privacy Notice
REIM Capital respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you as to how we look after your personal data when you use our services and tell you about your privacy rights and how the law protects you.
For the purposes of data protection law, we are a data controller in respect of your personal data that we collect and process. REIM Capital is responsible for ensuring that it uses your personal data in compliance with General Data Protection Regulation ((EU) 2016/679) (GDPR) and the Data Protection Act 2018 (DPA 2018).
This Privacy Notice applies if you are an applicant, borrower, agent or intermediary.
The Privacy Notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this Privacy Notice together with any other policies we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other notices and is not intended to override them.
We may update this Privacy Notice from time to time and so you should check back periodically. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Personal data that we collect about you
We will collect and process the following personal data about you:
Information that you provide directly to us or one of our Affiliates. This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include:
-
identity (for example, your name, address and date of birth), contact and financial information about you as an applicant, borrower, agent or intermediary as well as about directors, partners, members, shareholders, beneficial owners and guarantors;
-
contact data which includes addresses, email addresses and telephone numbers;
-
personal data in any of the above forms about other named applicants. You must have the authority to provide the personal data to us and have shared this Privacy Notice with them beforehand;
-
Financial data which includes your bank account and payment card details; and
-
information provided to us during the course of a loan (including, if you are a borrower, agent or intermediary, certain personal, identity, contact and financial information about directors, partners, members, shareholders, beneficial owners and guarantors).
If you fail to provide personal data
Where we need to collect personal data by law, under the terms of a contract we have with you, and you fail to provide the data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with services). In this case, we have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Information we obtain from other sources
We may also obtain information about you from third parties including but not limited to credit reference agencies, fraud prevention agencies, insolvency practitioners, debt advisers, tracing agents, commercial databases, marketing databases, public records and other publicly available information sources, including information about your business or company (e.g. previous credit applications, personal credit information, electoral register and fraud prevention information).
How is your personal data collected?
Where we use different methods to collect data from and about you including through:
-
Direct interactions: you may give us your personal data by filling in forms or by corresponding with us by post, phone email or otherwise. This includes personal data you provide when you apply for our product or services, give us feedback or contact us.
-
Third parties or publicly available sources: we will receive personal data about you from various third parties as set out below.
Uses of your personal data
Your personal data may be stored and processed by REIM Capital in the following ways and for the following purposes:
-
To make lending decisions: if you are an applicant or borrower, this may include assessing your application, checking details on proposals and claims for all types of insurance, making a credit decision, opening accounts and/or verifying your identity.
-
To verify your identity and prevent any fraud or money laundering: by, for example, checking details provided on applications for credit related or other facilities.
-
If you give us false or inaccurate information and/or we suspect of identify fraud or money laundering risks, we will record this and may allow law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. We may also access and use information recorded by credit or fraud prevention agencies in other countries. This information may contain your personal data.
-
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested and/or we may stop providing existing services to you with immediate effect.
-
-
To provide you with information and services that you request from us: this will include maintaining accounts, updating our records, verifying your identity, transferring or receiving money and servicing your loan.
-
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
-
To comply with our legal obligations.
-
For audit: we are required to process certain data to meet our audit obligations.
-
For debt collection: enforcing loan or security provisions or tracing you in the case of a default.
-
To make suggestions and recommendations to you about services that may be of interest to you.
Personal data protection principles
We adhere to the principles relating to processing of personal data set out in the GDPR which require personal data to be:
-
processed lawfully, fairly and in a transparent manner;
-
collected only for specified, explicit and legitimate purposes;
-
adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
-
accurate and where necessary kept up to date;
-
not kept in a form which permits identification of data subjects (an individual about whom we hold personal data) for longer than is necessary for the purposes for which the data is processed
-
processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage;
-
not transferred to another country without appropriate safeguards being in place (please see ‘Transfer of your information to Affiliates’ and ‘Transfers of personal data outside the European Economic Area’ below for further information); and
-
made available to data subjects and allow data subjects to exercise certain rights in relation to their personal data.
We are responsible for and must be able to demonstrate compliance with the data protection principles listed above.
Lawful Basis
We are entitled to use your personal data in these ways because:
-
you (or an agent or intermediary acting on your behalf) require us to take specific steps to decide if we can enter into a loan contract with you, including to make credit decisions and where appropriate provide you with indicative loan terms and/or a loan offer – the processing of your personal data is necessary for us to do this;
-
the processing is necessary for us to enter into a loan agreement with you and to comply with our obligations under the loan agreement including to provide you with information and services that you request from us;
-
we have legal and regulatory obligations that we have to discharge, particularly in respect to the prevention of fraud and money laundering, to comply with your rights under data protection law if you make a request and to comply with certain of our audit obligations;
-
we may need to use your personal data to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
-
the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our Affiliates), such as:
-
to be able to comply with the contractual obligations we have with our institutional funding lines;
-
being able to enforce our contractual agreements including but not limited to our loan agreements terms and conditions and loan security;
-
being able to carry out internal and external audits on our loans and origination processes to ensure quality and consistency across our portfolio; or
-
preventing fraud and money laundering as well as protecting the business of REIM Capital and its Affiliates more generally.
-
Transfer of your information to Affiliates
Any of the personal data we collect about you may be transferred to our Affiliates to be stored and processed in the ways and for the purposes set out above in this Privacy Notice.
Disclosure of your information to third parties
We may share your personal data outside of REIM Capital and our Affiliates to the following third parties:
-
with credit reference and fraud prevention agencies. If false or inaccurate information is provided and/or fraud is suspected or identified, details will be passed to fraud prevention agencies;
-
we may disclose your personal data to our institutional funding lines and equity providers in accordance with our contractual obligations. Any such disclosure will be subject to confidentiality requirements and your personal data would only be used as described in this Privacy Notice;
-
if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes;
-
if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer;
-
to third party agents or contractors (for example, the providers of our electronic data storage services, auditors, solicitors or valuers) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this Privacy Notice;
-
if there is an emergency or we need to protect the security of our business or your vital interests;
-
to government bodies and agencies in the UK and overseas;
-
payment systems if you require us to use them to process transactions; and
-
to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Transfers of personal data outside the European Economic Area
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for us, our Affiliates or for one of our suppliers.
Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance:
-
the country that we send the data to might be approved by the European Commission;
-
the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or
-
where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.
In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention of personal data
How long we hold your personal data for will vary. The retention period will be determined by various criteria including:
-
the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose;
-
legal obligations – laws and regulations may set a minimum period for which we have to keep your personal data;
-
regulatory and tax purposes; and
-
accounting and reporting requirements
Please note we will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes as set out above. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Your rights
You have a number of legal rights in relation to the personal data that we hold about you. These rights include:
-
the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
-
the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another reason (other than consent) for doing so;
-
in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
-
the right to request that we rectify your personal data if it is inaccurate or incomplete;
-
the right to request that we erase or correct your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
-
the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are entitled to continue processing your personal data and / or to refuse that request; and
-
the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us.
You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.
Credit and fraud prevention agencies
When credit reference agencies receive a search from us they will:
-
place a credit search “footprint” on your company credit file whether or not your application proceeds. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when your business applies for credit in the future;
-
place an enquiry search on the personal credit files of any director/owner or partner that have been searched. Place an associate enquiry search on your personal financial partner’s credit file, if that is checked, if they are a director. These enquiry searches will not be seen by other organisations if any director/owner or partner applies for credit in the future;
-
link together the previous and subsequent names advised by you, of anyone that is a party to the account;
-
place an enquiry or identification search on the record of any shareholder who is a beneficial owner and who we have checked; and
-
create a record of the name and address of your business and its proprietors if there is not one already.
Credit reference agencies may supply the following information to us:
-
information about your business or company, such as previous applications for credit and the conduct of the accounts and also similar personal credit information in your name and of your business partners;
-
public information such as County Court Judgments (CCJs) and bankruptcies;
-
electoral register information on you and your business partners;
-
fraud prevention information; and
-
confirmation or otherwise that the usual residential addresses supplied by directors match those on the restricted register held at Companies House (or for those directors’ addresses registered under section 243 of the Companies Act, that the usual residential addresses supplied by directors match those on the credit reference agency’s proprietary business directory).
What credit reference and fraud prevention agencies do with your data
Your personal data may be used by credit reference and fraud prevention agencies to prevent fraud and money laundering and to verify your identity.
Credit reference agencies will keep records of outstanding debt on file for six years after they are closed, whether settled by you or defaulted.
Fraud prevention agencies may hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Your information will not be used by credit reference agencies to create a blacklist or to make a decision.
The information which we and other organisations provide to the credit reference agencies and/or fraud prevention agencies about you, your business partners and details about your business may be supplied by credit reference agencies and fraud prevention agencies to other organisations and used by them to:
-
prevent crime, fraud and money laundering by, for example checking details provided on applications for credit and credit related or other facilities;
-
check the operation of credit and credit-related accounts;
-
verify your identity if you or your business partner(s) apply for other facilities*;
-
make decisions on credit and credit related services about you and/or your business partner, or your business;
-
manage your personal, your business partner’s and/or business credit or credit related account(s);
-
trace your whereabouts and recover debts that you owe;
-
conduct other checks to prevent or detect fraud; and
-
undertake statistical analysis and system testing.
* Where your information is passed to fraud prevention agencies, a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.
Data transfers by fraud prevention agencies
Organisations may access and use from other countries the information recorded by fraud prevention agencies.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Promotional offers from us
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
Third Party Marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Contacting us
If you would like further information on the collection, use, disclosure, transfer or processing of your personal data, the exercise of any of the rights listed above, or if you have any other questions about the processing of your personal data, please address questions, comments and requests at DataCo International UK Ltd, Suite 1, 3rd Floor, 11-12 St James's Square, London, SW1Y 4LB.
If you have any questions about this Privacy Notice, please contact our Data Protection Officer (DPO), DataCo International UK Ltd on 0203 514 6557 or by email at privacy@dataguard.co.uk.
Data Protection Regulator
Information Commissioner’s Office (ICO) is the UK’s independent body set up to upload information rights. We confirm we are registered with the ICO.
You have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues. You may contact the ICO’s helpline on 0303 123 1113 or you may visit their website https://ico.org.uk/ for more information. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.