The General data Protection Regulation

Background

From 25 May 2018, the EU General Data Protection Regulation ((EU) 2016/679 "GÐPR") will replace the current EU data protection regime established by the Data Protection Directive 95/46/EC (the "Directive).

Unlike the Directive, the GDPR will have direct effect throughout the EU. The scope of the GDPR is extensive and although many of the principles in the Directive have been transposed into the GDPR, the GDPR introduces a number of new provisions, which will have a material impact on controllers, processors and data subjects (as these terms are defined in the GDPR).

The GDPR specifically addresses the principle of transparency by requiring that controllers provide data subjects with certain information about the processing of their personal data. London Forfaiting Company (“LFC”) ensures compliance with the principle of transparency by setting out the obligations of LFC and the rights of data subjects regarding the processing of personal data in its data protection notice located on our website (http://www.forfaiting.com/page.asp?n=privacy) as amended from time to time (the "Data Protection Notice). The Data Protection Notice provides the information required by the GDPR, including information regarding the legal basis for the processing, the sources and categories of the collected personal data, the categories of recipients of the personal data and the criteria used to determine the period for which the personal data will be stored.

London Forfaiting Company Data Protection Notice                          

The protection of your personal data is important to LFC, which has adopted strong principles in that respect.  Your information will be held by LFC which is part of the FIMBank Group. This Privacy Notice is to let you know how LFC will look after your personal information. Including what you tell us about yourself, what we learn from you as a counterparty, client, employee or director. This Privacy Notice also tells you about your privacy rights and how the Law protects you.

We are responsible, as a controller for collecting and processing your personal data in relation to our activities.  The purpose of this Data Protection Notice is to let you know which personal data we collect about you, the reasons why we use and share such data, how long we keep it, what your rights are and how you can exercise them.

Our Privacy Promise

·         To keep your data safe and private.

·         Not to sell your data.

·         To give you ways to manage and review your marketing choices at any time.

Which Personal Data Do We Use About You?

We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalised products and services.

Counterparties and clients are obligated to share personal data with LFC under Anti-Money Laundering regulations and KYC policies.

Directors are obligated to share personal data with LFC under UK Companies Act Legislation.

All employees of LFC will be contractually obligated to share certain categories with LFC in order for both parties to uphold their contractual obligations to one another.

We may collect various types of personal data about you, including:

·         identification information (e.g. name, lD card and passport numbers, national insurance numbers, nationality, place and date of birth, gender, photograph, lP address);

·         contact information (e.g. postal address and e-mail address, phone number);

·         family situation {e.9. marital status, number of children};

·         tax status (e.g. tax lD, tax status);

·         education and employment information {e.g. level of education, employment, employers name, remuneration);

·         banking, financial and transactional data {e.g. bank account details, money transfers, assets, credit history, debts and expenses),

·         data relating to which relates to your use of our products and services including banking, financial and transactional data;

·         data from your interactions with us, our branches (contact reports}, our internet websites, our apps, our social media pages, meetings, calls, chats, emails, interviews, phone conversations;

We never ask for personal data related to your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, data concerning your sexual orientation or data relating to criminal convictions and offences ("Criminal Record Data') unless it is required through a legal obligation.

The data we use about you may be directly provided by you or obtained from other sources in order to verify or enrich our databases, such as:

·         publications/databases made available by official authorities

·         our corporate clients or service providers;

·         third parties such as credit reference agencies and fraud prevention agencies or data brokers in conformity with the data protection legislation;

·         websites/social media pages containing information made public by you (e.g. your own website or social media); and

·         databases made publicly available by third parties.

ln certain circumstances, we may collect and use personal data of individuals with whom we have, could have, or previously had, a direct relationship such as:

·         visitors to our websites;

·         prospective or existing clients; or

·         attendees of our events.

The Purpose of Processing                                                                                                  

The purposes of the processing will differ depending on the person and their relationship with LFC.

Client Data will be processed under the legal basis of contractual obligation, legal duty and legitimate interests. Processing of information will be for the legal and contractual purposes relating to due diligence and other necessary compliance. Data may also be shared within the group.

Director’s information will be processed under legal duty and legitimate interests. This includes sharing information with new counterparties and clients.

Employee data will be processed under the legal basis of contractual obligation and legitimate interests. This will include all processing of information that relates to the employment contract.

Legitimate interests will encompass any Human Resources reporting and data shared within the FIMBank group.

The Lawful Basis under which the data will be processed                                                           

For LFC to collect, retain and process personal data we will require one or more of the below reasons to do so:

·         To fulfil a contractual obligation.

·         When it is a legal duty.

·         Within our legitimate interests

·         When consent is provided

 

When LFC has a business or commercial reason of our own to use your information, this is called ‘Legitimate Interest’. We will tell you what that is, if we are going to rely on that as a legal basis for using your data. Even then, it must not go against your interests as an individual.

 

LFC’s legitimate interests that would lead to the processing of personal data and how the personal data is used:

Clients

The collection, retention and processing of Client personal information:

·         To ensure LFC are fully compliant with regulatory law and the processes necessary to conduct business transactions.

·         For records of transactions and future transactions.

·         For reporting purposes.

·         For liability purposes should LFC need to conduct legal proceedings.

LFCs reasons (Legal Basis) for processing the information:

 

·         Contractual Obligation

·         Legitimate interests

·         Legal Duty

Legitimate Interests:

 

·         Ensure full compliance with all regulatory laws.

·         Fraud prevention

·         Record and reporting.

·         Business management and development.

 

Directors

The collection, retention and processing of Director’s personal information:

 

·         To ensure LFC are fully compliant with regulatory law and the processes necessary for the business’ transactions.

·         Maintaining business functions, bank accounts, company’s house, KYC.

 

LFCs reasons (Legal Basis) for the processing of the information:

 

·         Legitimate interests

·         Legal Duty

Legitimate interests:

 

·         Ensure full compliance with all regulatory laws.

·         Fraud prevention

 

Employees

The collection, retention and processing of personal data on employees:

 

·         To uphold the contractual obligation to you, including payroll and employee benefits.

·         To report and manage LFC staffing.

·         To ensure staff have the legal right to work and are compliant under regulations.

 

LFC’s reasons (Legal Basis) for processing the information:

 

·         Contractual Obligation

·         Legitimate interests

·         Legal Duty

The Legitimate interests:

 

·         Ensure compliance with regulators and laws, as well as company policies.

·         Manage the business

·         Prevention of fraud.

·         Governance and oversight

 

Whom LFC may share your data with                                                                                

Whom LFC shares you data with will depend on your relationship with LFC. Recipients of employee personal data will be third party processors such as Capita Employee Solutions, Aviva Plc and Bupa.

Data relating to clients, directors and employees may be shared with FIMBank and other companies within the group, counterparties and clients and LFC’s HR and Compliance Departments and the following authority bodies:

·         HM Revenue and Customs (or other tax authorities as appropriate)

·         Central and local government

·         Law enforcement and fraud prevention agencies

·         UK financial services compensation schemes

Outside companies we work with include:

·         Someone linked with your account (trustees, beneficiaries, etc.)

·         Agents who help us collect what we are owed

·         Independent advisors

·         Previous employers

·         Other financial service companies

·         Insurers

If Data is transferred outside of the EEA                                                                                                     

Our policy for transferring data outside of the EEA is in line with the GDPR, all necessary checks and screening of the recipient and the recipient’s country will be conducted in line with GDPR. If the recipient does not meet the criteria, the data will not be shared. You will be informed when, where and to whom you data is transferred.

How long personal data will be retained                                                               

We will retain your personal data for the longer of (i) the period required by applicable law; or (ii) such other period necessary for us to meet our operational obligations, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory requests. 

Most personal data collected is kept for the duration of the contractual relationship with you plus a period of at least six years after the end of the contractual relationship, or as otherwise required by applicable law. 

Records may be retained for longer periods if it cannot be deleted due to legal, technical or regulatory reasons. For example, pension information or if your beneficiary is due to receive payments.

Individual Rights regarding your personal information and LFC                                     

There are a number of rights you can exercise over your data held and processed by LFC, including the right to:

·         Access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.

·         Rectify: where you consider that your personal data is inaccurate or incomplete, you can require that such personal data be modified accordingly.

·         Erase: you can require the deletion of your personal data, to the extent permitted by law.

·         Restrict: you can request the restriction of the processing of your personal data.

·         Object: you can object to the processing of your personal data, on grounds relating to your particular situation. 

·         Withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.

·         Data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.

There may be legal or other official reasons why LFC need to keep or use your data. However, please tell us if you think that we should not be using it.

If you require further information, or if you wish to exercise the rights listed above, please send a letter or e-mail to the Data Controllers as set out below.

The Right to Complain to LFC and the Supervisory Body                                                

In accordance with applicable regulation, in addition to your rights above you have the right to complain directly to LFC by contacting the Data Controllers.  You are also entitled to lodge a complaint with the competent supervisory authority should you feel that your information is being misused or is subject to a breach that LFC is directly responsible for, that jeopardises your rights and freedoms as a private individual.

London Forfaiting Company, Data Controllers and Supervisory Authority

 

London Forfaiting Company Limited
(Registered in England & Wales)

11 Ironmonger Lane,

London,

EC2V 8EY

Email: lfc@forfaiting.com

DATA CONTROLLERS

William Ramzan

Head of Finance and Human Resources.
Company Secretary.

William.Ramzan@Forfaiting.com

+44 (0)207 397 1510

Paul Bohannon

MRLO and Business Manager.

Paul.Bohannon@Forfaiting.com

+44 (0)207 397 1510

Supervisory Authority

Information Commissioners Office

0303 123 1113

Or you can report it online at: www.ICO.org.uk

 

London Forfaiting Company Ltd 11 Ironmonger Lane, London EC2V 8EY, United Kingdom, E-mail: lfc@forfaiting.com
London Forfaiting Company Ltd is a company registered in England and Wales with company number 01733470.
VAT Registration Number GB 877 5904 67
LEI Number 213800GULXX1JBOHV435